Vulnerability in Gradio-app Gradio

CVE-2024-47867

Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a **lack of integrity check** on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker g…

EPSS: 0.002 (44.8th percentile) — read the EPSS interpretation.

Affected products

Gradio-app Gradio — versions < 5.0

Weakness classification (CWE)

CWE-345 — Insufficient Verification of Data Authenticity

References

https://github.com/gradio-app/gradio/security/advisories/GHSA-8c87-gvhj-xm8m (x_refsource_CONFIRM)