Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-xh2x-3mrm-fwqm

GitHub Security Advisory

Gradio has a race condition in update_root_in_config may redirect user traffic

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

### Impact
**What kind of vulnerability is it? Who is impacted?**

This vulnerability involves a **race condition** in the `update_root_in_config` function, allowing an attacker to modify the `root` URL used by the Gradio frontend to communicate with the backend. By exploiting this flaw, an attacker can redirect user traffic to a malicious server. This could lead to the interception of sensitive data such as authentication credentials or uploaded files. This impacts all users who connect to a Gradio server, especially those exposed to the internet, where malicious actors could exploit this race condition.

### Patches
Yes, please upgrade to `gradio>=5` to address this issue.

Affected Packages

PyPI gradio
Affected versions: 0 (fixed in 5.0.0)

Related CVEs

CVE-2024-47870

Key Information

GHSA ID
GHSA-xh2x-3mrm-fwqm
Published
October 10, 2024 10:04 PM
Last Modified
January 21, 2025 5:18 PM
CVSS Score
7.5 /10
Primary Ecosystem
PyPI
Primary Package
gradio
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 12, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.