Vulnerability Information
Vulnerability Title
Race condition in update_root_in_config may redirect user traffic in Gradio
Vulnerability Description
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **race condition** in the `update_root_in_config` function, allowing an attacker to modify the `root` URL used by the Gradio frontend to communicate with the backend. By exploiting this flaw, an attacker can redirect user traffic to a malicious server. This could lead to the interception of sensitive data such as authentication credentials or uploaded files. This impacts all users who connect to a Gradio server, especially those exposed to the internet, where malicious actors could exploit this race condition. Users are advised to upgrade to `gradio>=5` to address this issue. There are no known workarounds for this issue.
CVSS Information
N/A
Vulnerability Type
Concurrent execution using a shared resource with improper synchronization (race condition)
Vulnerability Title
Gradio race condition vulnerability
Vulnerability Description
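Gradio is an open-source Python library from Hugging Face that provides a way to demonstrate machine learning models through a friendly web interface. Gradio contains a race condition vulnerability that an attacker can exploit to redirect user traffic to a malicious server.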
CVSS Information
N/A
Vulnerability Type
N/A