CVE Details
Basic Information
| Title | gradio-app gradio CORS is_valid_origin origin validation |
|---|---|
| Type | cve |
| Published | 2025-05-29T13:31:04.612Z |
| Last Seen | |
Product Information
| Vendor | gradio-app |
|---|---|
| Product | gradio |
| Version | 5.29.0 |
CVSS Information
| Base Score | 6.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | A vulnerability in gradio up to version 5.29.1 allows remote attackers to exploit an origin validation error in the CORS handler, potentially leading to unauthorized access or data leakage. The attack is complex and difficult to exploit, but the vulnerability has been publicly disclosed and the vendor did not respond to early notification. |
|---|---|
| AI Severity | Medium |
| Vendor | gradio-app |
| Product | gradio |
| Affected Version | up to 5.29.1 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-346, CWE-345 |
| Bulletin Family | |
| Source Data | gradio-app gradio 5.29.0; gradio-app gradio 5.29.1 |
Source Information
| Source Data | gradio-app gradio 5.29.0; gradio-app gradio 5.29.1 |
|---|---|
| Source Link | |
Description
A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. It affects the function is_valid_origin of the CORS Handler component. Manipulating the argument localhost_aliases leads to an origin validation error. The attack can be initiated remotely. The attack complexity is rather high, and exploitation is reported to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.