A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious HTML page that triggers an unauthorized file upload to the victim's server, an attacker can deplete the system's disk space, potentially leading to a denial of service. This issue affects the file upload functionality as implemented in gradio/routes.py.
References
Configurations
No configuration.
History
16 Apr 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious HTML page that triggers an unauthorized file upload to the victim's server, an attacker can deplete the system's disk space, potentially leading to a denial of service. This issue affects the file upload functionality as implemented in gradio/routes.py. |
22 Mar 2024, 12:45
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
21 Mar 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-21 20:15
Updated : 2024-04-16 12:15
NVD link : CVE-2024-1727
Mitre link : CVE-2024-1727
CVE.ORG link : CVE-2024-1727
JSON object : View
Products Affected
No product.
CWE
CWE-352
Cross-Site Request Forgery (CSRF)