CVE-2024-4940 — MEDIUM (CVSS 6.1) AI Security Vulnerability

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for...

Full analysis pending. Showing NVD description excerpt.

Affected Systems

Package	Ecosystem	Vulnerable Range	Patched
gradio	pip	—	No patch

Do you use gradio? You're affected.

Severity & Risk

CVSS 3.1

6.1 / 10

EPSS

N/A

KEV Status

Not in KEV

Sophistication

N/A

Recommended Action

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others. This issue is due to improper validation of user-supplied input in the handling of URLs. Attackers can exploit this vulnerability by crafting a malicious URL that, when processed by the application, redirects the user to an attacker-controlled web page.

Weaknesses (CWE)

CWE-601

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

huntr.com/bounties/35aaea93-6895-4f03-9c1b-cd992665aa60
Exploit 3rd Party
huntr.com/bounties/35aaea93-6895-4f03-9c1b-cd992665aa60
Exploit 3rd Party

Timeline

Published

June 22, 2024

Last Modified

July 29, 2025

First Seen

June 22, 2024