{"data":{"id":"38a6b11a-eb38-450b-9a71-6200c64cfab4","title":"CVE-2024-47871: Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **insecure communica","summary":"Gradio, an open-source Python package for building demos, has a vulnerability where the connection between the client and server of FRP (Fast Reverse Proxy, a tool that exposes local applications to the internet) isn't encrypted when the `share=True` option is used. This means an attacker positioned on the network path between them can intercept and read files uploaded to the server or modify data being sent, putting sensitive information at risk for users sharing Gradio demos publicly online.","solution":"Users should upgrade to `gradio>=5` to fix this issue. As an alternative, users can avoid using `share=True` in production environments and instead host their Gradio applications on servers with HTTPS enabled (a secure protocol that encrypts communication) to ensure safe data transmission.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-47871","publishedAt":"2024-10-11T03:15:03.187Z","cveId":"CVE-2024-47871","cweIds":["CWE-311","CWE-311"],"cvssScore":"9.1","cvssSeverity":"critical","severity":"critical","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["Gradio"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00083,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}