CVE-2024-47167 | Gradio up to 4.x Video Component /queue/join async_save_url_to_cache server-side request forgery (GHSA-576c-3j53-r9jj)

Posted by Angelo Barbosa | Oct 11, 2024 | CVE

A vulnerability classified as critical was found in Gradio up to 4.x. Affected by this vulnerability is the function async_save_url_to_cache of the file /queue/join of the component Video Component. The manipulation leads to server-side request forgery.

This vulnerability is known as CVE-2024-47167. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-47167 | Gradio up to 4.x Video Component /queue/join async_save_url_to_cache server-side request forgery (GHSA-576c-3j53-r9jj)

Related Posts

CVE-2024-39291 | Linux Kernel up to 6.6.32/6.9.3 amdgpu cp_compute_microcode buffer overflow (19bd9537b6bc/f1b6a016dfa4/acce6479e30f)

CVE-2024-3107 | Spectra Plugin up to 2.12.6 on WordPress path traversal

CVE-2024-5823 | gaizhenbiao ChuanhuChatGPT up to 20240410 Setting file inclusion

CVE-2024-25914 | Photoboxone SMTP Mail Plugin up to 1.3.20 on WordPress cross-site request forgery