PT-2024-33510 · Gradio App · Gradio

Published: 2024-06-21 · Updated: 2025-07-29 · CVE-2024-4940

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: gradio-app/gradio, version latest

Description: An open redirect issue exists due to improper validation of user-supplied input in URL handling, allowing attackers to redirect users to arbitrary websites. This can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), among others. Attackers can craft a malicious URL that, when processed by the application, redirects the user to an attacker-controlled web page.

Recommendations: For the latest version, consider disabling the URL redirection feature until a patch is available to prevent exploitation. Restrict access to the application to minimize the risk of attacks. Avoid using user-supplied input for URL handling until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
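The following is an added illustration of the check the recommendation above calls for; it is not Gradio's code, does not use any Gradio API, and is not part of the advisory. It shows how a redirect target taken from user input can be validated before it is placed in a Location header: only same-origin paths or allowlisted HTTPS hosts pass, and the parsing quirks that commonly bypass naive checks (scheme-relative `//host`, backslashes that browsers treat as slashes, userinfo `@` tricks, non-http schemes, control characters) are rejected. The host `app.example.com`, the names `ALLOWED_HOSTS`, `is_safe_redirect` and `safe_redirect_target`, and all sample inputs are constructed for the example.

```python
"""Redirect-target validation (added example; not Gradio's code).

Closes the weakness in this advisory by never redirecting to a
user-supplied URL unless it resolves to a location the application owns.
"""
from urllib.parse import urlsplit

# Constructed allowlist of external hosts the application may redirect to.
ALLOWED_HOSTS = {"app.example.com"}

# Where to send the user when the requested target is rejected.
DEFAULT_TARGET = "/"


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if `target` is a same-origin path or an allowlisted https URL.

    The check is deliberately strict: anything the browser might interpret
    differently from urllib (backslashes, control characters, leading '//')
    is rejected rather than normalised.
    """
    if not target:
        return False
    # Browsers treat '\' as '/' in special schemes; urllib does not.
    # Control characters and spaces can also change how a URL is parsed.
    if "\\" in target or any(ord(c) < 0x21 for c in target):
        return False

    parts = urlsplit(target)

    # Reject non-http(s) schemes such as javascript: or data:.
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False

    if not parts.netloc:
        # No authority component: accept only a path on the current origin.
        # Use the raw string so that '///evil.example' (which browsers resolve
        # to https://evil.example/) and 'https:/evil.example' are rejected.
        return target.startswith("/") and not target.startswith("//")

    # Absolute URL: the hostname (after any userinfo '@') must be allowlisted,
    # and external redirects must use https.
    host = parts.hostname  # already lowercased by urlsplit
    return (
        host is not None
        and host in allowed_hosts
        and parts.scheme.lower() == "https"
    )


def safe_redirect_target(target: str, allowed_hosts=ALLOWED_HOSTS) -> str:
    """Return `target` when it passes validation, otherwise the in-app default."""
    return target if is_safe_redirect(target, allowed_hosts) else DEFAULT_TARGET


if __name__ == "__main__":
    # Constructed sample inputs: the first two should pass, the rest fail.
    samples = [
        "/dashboard",
        "https://app.example.com/home",
        "//evil.example/",
        "///evil.example",
        "https://app.example.com@evil.example/",
        "https://evil.example\\@app.example.com/",
        "javascript:alert(1)",
    ]
    for s in samples:
        print(f"{s!r:45} -> {safe_redirect_target(s)}")
```

Only paths beginning with a single `/` are treated as same-origin; a bare relative path such as `dashboard` is rejected, and plain `http://` targets are rejected even for allowlisted hosts, so adjust both rules if the application needs them.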

Exploit

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2024-4940
GHSA-564P-RX2Q-4C8V
GHSA-G6C9-F4XM-9J4X

Affected Products

Gradio