{"data":{"id":"5c1f7ec6-692e-4834-b038-72faa2d28cfa","title":"CVE-2024-4253: A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.y","summary":"A command injection vulnerability (a flaw in which specially crafted input tricks a system into running unintended commands) exists in the Gradio project's automated workflow file, where unsanitized (unfiltered) repository and branch names could be exploited to steal sensitive credentials such as authentication tokens. The vulnerability affects Gradio versions up to @gradio/video@0.6.12.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-4253","publishedAt":"2024-06-04T12:15:10.863Z","cveId":"CVE-2024-4253","cweIds":["CWE-78"],"cvssScore":"9.1","cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["Gradio","gradio-app/gradio"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.019,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}