Severity: MEDIUM (6.8)

GHSA-7hp7-4p35-3cx2

Gradio contains a cookie injection vulnerability

Details

Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across all users in the reverse proxy endpoint. Attackers controlling any HF Space can return a parent-domain cookie that the shared client stores and automatically replays into all subsequent proxy requests to other legitimate Spaces, affecting all users of the same Gradio deployment.
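The root cause described above is a cookie jar that belongs to one process-wide client rather than to one user or one request. The following added example (not Gradio's code; the hosts, cookie value and the simulated proxy are constructed) uses only the standard library's `http.cookiejar` to show that a parent-domain cookie returned by one upstream host is silently replayed to a different host on the same parent domain when the jar is shared, and that giving each proxied request its own jar removes the carry-over. The per-request jar is one mitigation, shown for illustration; it is an assumption, not a description of the 6.15.0 patch.

```python
import urllib.request
from email.message import Message
from http.cookiejar import CookieJar


class FakeUpstreamResponse:
    """Constructed stand-in for an upstream reply; http.cookiejar only
    needs .info() to return an object with get_all("Set-Cookie")."""

    def __init__(self, set_cookie_values):
        self._headers = Message()
        for value in set_cookie_values:
            self._headers["Set-Cookie"] = value

    def info(self):
        return self._headers


def proxy_round_trip(jar, url, upstream_set_cookie=()):
    """Simulate one reverse-proxied request made by a client owning `jar`.
    Returns the Cookie header the upstream host would receive (None if
    nothing was replayed), then stores any cookies the upstream sets."""
    req = urllib.request.Request(url)
    jar.add_cookie_header(req)                      # replay stored cookies
    sent_cookie = req.get_header("Cookie")
    jar.extract_cookies(FakeUpstreamResponse(upstream_set_cookie), req)
    return sent_cookie


# Constructed cookie: scoped to the parent domain, so the jar's domain
# matching considers it valid for every sibling host under example.test.
PLANTED = ["sid=planted; Domain=.example.test; Path=/"]


def shared_client_sequence():
    """Vulnerable pattern: one module-level jar shared by all users."""
    shared_jar = CookieJar()
    # Request 1 (any user) reaches a host that answers with PLANTED.
    proxy_round_trip(shared_jar, "http://space-a.example.test/", PLANTED)
    # Request 2 (a different user) reaches an unrelated sibling host and
    # receives the cookie left behind by request 1.
    return proxy_round_trip(shared_jar, "http://space-b.example.test/api/predict")


def per_request_client_sequence():
    """Mitigated pattern: cookie state never outlives a single request."""
    proxy_round_trip(CookieJar(), "http://space-a.example.test/", PLANTED)
    return proxy_round_trip(CookieJar(), "http://space-b.example.test/api/predict")
```

`shared_client_sequence()` returns `"sid=planted"`, showing the cross-host replay, while `per_request_client_sequence()` returns `None`.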

Affected packages

PyPI / gradio
First affected version: 0
Fixed version: 6.15.0
Fix: pip install --upgrade 'gradio>=6.15.0'

References