PT-2024-4392 · Gradio · Gradio

Published 2024-05-05 · Updated 2025-06-17 · CVE-2024-34510

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Gradio versions prior to 4.20

Description

The issue is related to insufficient protection of sensitive data in Gradio, a Python package for creating applications for machine learning models. This can allow a remote attacker to gain access to credentials. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations

For versions prior to 4.20, update to version 4.20 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data until a patch is applied. Avoid using Gradio on Windows with versions prior to 4.20 to minimize the risk of credential leakage.

Fix

Improper Encoding or Escaping of Output

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2024-04891
CVE-2024-34510
GHSA-RVFH-H6C7-FC3C
PYSEC-2024-255

Affected Products

Gradio