Vulnerability in Gradio-app Gradio
CVE-2024-47870
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **race condition** in the `update_root_in_config` function, allowing an attacker to modify the `root` URL used by the Gradio frontend to…
Vulnerability class: Race Condition
EPSS: 0.002 (40.9th percentile)
Affected products
- Gradio-app Gradio — versions < 5.0.0
Weakness classification (CWE)
References
- https://github.com/gradio-app/gradio/security/advisories/GHSA-xh2x-3mrm-fwqm (x_refsource_CONFIRM)