CVE-2024-0964

CVSS 3.1 Score 9.4 of 10 (high)

Details

Published Feb 5, 2024

Updated: Feb 13, 2024

CWE ID 22

Summary

CVE-2024-0964 is a newly identified vulnerability affecting the Gradio API. This issue arises from a local file include vulnerability that can be exploited remotely. An attacker can manipulate a user-supplied JSON value in an API request, leading to the inclusion and execution of malicious files. This vulnerability poses a significant risk, allowing unauthorized access and potential data theft or system compromise. Users are strongly advised to apply the necessary patches or upgrades as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uS0vON
https://www.cve.org/CVERecord?id=CVE-2024-0964
https://nvd.nist.gov/vuln/detail/CVE-2024-0964

Back to Vulnerability Database

CVE-2024-0964

CVSS 3.1 Score 9.4 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations