Medium

gradio

Open Redirect via URL Encoding

An open redirect vulnerability was discovered in the latest version of the software, allowing attackers to redirect users to malicious websites. This issue was reported on July 3, 2024, and has not yet been patched.

Available publicly on Oct 01 2024

5.4

CVSS:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Threat Overview

The vulnerability allows an attacker to craft a URL that, when visited by a user, redirects the user to an untrusted and potentially malicious site. This is achieved through URL encoding, which bypasses existing security measures. The server responds with a 302 Found status code, redirecting the user to the specified malicious URL.

Attack Scenario

An attacker could send a phishing email containing a link to the vulnerable application. When the user clicks on the link, they are redirected to a malicious website that could steal their credentials or install malware on their device.

Who is affected

Users of the latest version of the software who can be tricked into clicking on a malicious link are affected by this vulnerability.

Technical Report
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have - related security advisories that are available with Sightline Premium.