A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.
References
Link | Resource |
---|---|
https://github.com/gradio-app/gradio/commit/d76bcaaaf0734aaf49a680f94ea9d4d22a602e70 | Patch |
https://huntr.com/bounties/25e25501-5918-429c-8541-88832dfd3741 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-02-05T22:53:44.859Z
Updated: 2024-02-05T22:53:44.859Z
Reserved: 2024-01-26T17:49:37.055Z
Link: CVE-2024-0964
NVD Information
Status: Analyzed
Published: 2024-02-05T23:15:08.190
Modified: 2024-02-13T18:42:22.847
Link: CVE-2024-0964
Redhat Information
No data.
CWE