CVE-2024-47167 | Gradio up to 4.x Video Component /queue/join async_save_url_to_cache server-side request forgery (GHSA-576c-3j53-r9jj)

Posted by Angelo Barbosa | Oct 11, 2024 | CVE

A vulnerability classified as critical was found in Gradio up to 4.x. Affected by this vulnerability is the function async_save_url_to_cache of the file /queue/join of the component Video Component. The manipulation leads to server-side request forgery.

This vulnerability is known as CVE-2024-47167. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-47167 | Gradio up to 4.x Video Component /queue/join async_save_url_to_cache server-side request forgery (GHSA-576c-3j53-r9jj)

Related Posts

CVE-2024-38354 | hackmdio codimd up to 2.5.3 HTML Tag name HTML injection (GHSA-22jv-vch8-2vp9)

CVE-2024-36856 | RMQTT Broker 0.4.0 TCP Packet denial of service

CVE-2024-1845 | VikRentCar Car Rental Management System Plugin up to 1.3.1 on WordPress cross-site request forgery

CVE-2024-27795 | Apple macOS up to 14.7 Camera Extension permission