{"data":{"id":"6db58b6e-f466-4270-8860-48dfdf0fa926","title":"CVE-2024-4940: An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows a","summary":"Gradio (a popular framework for building AI interfaces) has an open redirect vulnerability (CWE-601): because URLs are not validated properly, attackers can trick the application into sending users to fake websites. This can be used for phishing attacks (tricking people into revealing passwords), XSS (cross-site scripting, where attackers inject malicious code into web pages), and other exploits.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-4940","publishedAt":"2024-06-22T10:15:11.137Z","cveId":"CVE-2024-4940","cweIds":["CWE-601"],"cvssScore":"6.1","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["Gradio"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.07236,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}