Vulnerability Information
Vulnerability Title
Lack of integrity check on the downloaded FRP client in Gradio
Vulnerability Description
Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a **lack of integrity check** on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is downloaded, they could modify the binary without detection, as the Gradio server does not verify the file's checksum or signature. Any users utilizing the Gradio server's sharing mechanism that downloads the FRP client could be affected by this vulnerability, especially those relying on the executable binary for secure data tunneling. There is no direct workaround for this issue without upgrading. However, users can manually validate the integrity of the downloaded FRP client by implementing checksum or signature verification in their own environment to ensure the binary hasn't been tampered with.
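The manual validation mentioned in the description can be done by pinning a SHA-256 digest and refusing to install a download that does not match it. The following is an added example, not Gradio's own code; the function names, file names and sample bytes are constructed for illustration, and the pinned digest is assumed to come from a copy of the binary obtained through a trusted channel.

```python
import hashlib
import hmac
import os
import stat
import tempfile


def sha256_file(path, chunk_size=1 << 16):
    """Stream the file through SHA-256 so large binaries are not read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def install_if_trusted(downloaded_path, dest_path, expected_sha256):
    """Move a downloaded binary into place only if its digest matches the pin.

    Fails closed: on mismatch the download is deleted and never made executable.
    """
    actual = sha256_file(downloaded_path)
    if not hmac.compare_digest(actual, expected_sha256.strip().lower()):
        os.remove(downloaded_path)
        raise ValueError(f"FRP client digest mismatch: got {actual}")
    # Set the executable bit only after verification, then publish atomically.
    os.chmod(downloaded_path, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR)
    os.replace(downloaded_path, dest_path)
    return dest_path


def demo():
    """Constructed sample: a stand-in 'binary' and a tampered copy of it."""
    workdir = tempfile.mkdtemp()
    good = b"\x7fELF constructed stand-in for the FRP client"
    pin = hashlib.sha256(good).hexdigest()  # hypothetical trusted pin
    results = {}
    for name, payload in (("good", good), ("tampered", good + b"\x90")):
        src = os.path.join(workdir, name + ".download")
        dst = os.path.join(workdir, name + ".bin")
        with open(src, "wb") as fh:
            fh.write(payload)
        try:
            install_if_trusted(src, dst, pin)
        except ValueError:
            pass  # rejected: nothing was installed
        results[name] = os.path.exists(dst)
    return results
```

A checksum pin only detects changes relative to the copy it was computed from, so the pin has to be stored and distributed separately from the download location.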
CVSS Information
N/A
Vulnerability Type
Insufficient Verification of Data Authenticity
Vulnerability Title
Gradio data forgery vulnerability
Vulnerability Description
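Gradio is an open-source Python library from Hugging Face that provides a way to demonstrate machine learning models through a friendly web interface. Gradio has a data forgery vulnerability. It arises because, if an attacker gains access to the remote URL from which the FRP client is downloaded, they can modify the binary without detection, since the Gradio server does not verify the file's checksum or signature.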
CVSS Information
N/A
Vulnerability Type
N/A