Open Redirect Vulnerability in Gradio by Gradio-App
CVE-2024-8021
6.1MEDIUM
What is CVE-2024-8021?
An open redirect vulnerability in the Gradio application allows attackers to manipulate URLs and redirect unsuspecting users to malicious websites. By crafting a specific request, an attacker can exploit this flaw to initiate a 302 redirect, leading users to compromised locations without their consent. This presents significant risks, including phishing attacks and the potential exposure of sensitive information.
Affected Version(s)
gradio-app/gradio <= unspecified
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
CVSS V3.0
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved