Vulnerability in Gradio-app Gradio

CVE-2024-47871

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **insecure communication** between the FRP (Fast Reverse Proxy) client and server when Gradio's `share=True` option is used. HTTPS is not e…

EPSS: 0.001 (24.2th percentile) — read the EPSS interpretation.

Affected products

Gradio-app Gradio — versions < 5.0.0

Weakness classification (CWE)

CWE-311 — Missing Encryption of Sensitive Data

References

https://github.com/gradio-app/gradio/security/advisories/GHSA-279j-x4gx-hfrh (x_refsource_CONFIRM)