CVE-2024-1729
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
Gradio apps are vulnerable to timing attacks that can be used to guess the password.
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. See the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| PyPI | gradio | <4.19.2 | 4.19.2 |
References
- https://github.com/gradio-app/gradio/security/advisories/GHSA-hmx6-r76c-85g9
- https://nvd.nist.gov/vuln/detail/CVE-2024-1729
- https://github.com/gradio-app/gradio/commit/e329f1fd38935213fe0e73962e8cbd5d3af6e87b
- https://github.com/gradio-app/gradio
- https://github.com/gradio-app/gradio/releases/tag/gradio%404.19.2
- https://huntr.com/bounties/f6a10a8d-f538-4cb7-9bb2-85d9f5708124