CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-1729

A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation (`app.auth[username] == password`) to validate user credentials, which can be exploited to guess passwords based on response times. Successful exploitation of this vulnerability could allow an attacker to bypass authentication mechanisms and gain unauthorized access.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 19.0%

CVSS Severity

CVSS v3 Score 5.9

References

https://github.com/gradio-app/gradio/commit/e329f1fd38935213fe0e73962e8cbd5d3af6e87b
https://huntr.com/bounties/f6a10a8d-f538-4cb7-9bb2-85d9f5708124
https://github.com/gradio-app/gradio/commit/e329f1fd38935213fe0e73962e8cbd5d3af6e87b
https://huntr.com/bounties/f6a10a8d-f538-4cb7-9bb2-85d9f5708124

Products affected by CVE-2024-1729

Gradio Project » Gradio » Version: 4.18.0

cpe:2.3:a:gradio_project:gradio:4.18.0
Gradio Project » Gradio » Version: 4.19.0

cpe:2.3:a:gradio_project:gradio:4.19.0
Gradio Project » Gradio » Version: 4.19.1

cpe:2.3:a:gradio_project:gradio:4.19.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-1729

Products

Pricing

Contact Us