CVE-2024-1183

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-601
View all →

Vulnerability Description

An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.

Related Vulnerabilities

CVE-2017-15419

MEDIUM
CVSS:6.5(Medium)

Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted ...

CWE-6012017

CVE-2018-0924

MEDIUM
CVSS:6.5(Medium)

Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013...

CWE-6012018

CVE-2019-3778

MEDIUM
CVSS:6.5(Medium)

Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector a...

CWE-6012019

CVE-2019-6741

MEDIUM
CVSS:6.5(Medium)

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User intera...

CWE-6012019

CVE-2020-4598

MEDIUM
CVSS:6.5(Medium)

IBM Security Guardium Insights 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote at...

CWE-6012020

CVE-2021-3989

MEDIUM
CVSS:6.5(Medium)

showdoc is vulnerable to URL Redirection to Untrusted Site

CWE-6012021