Home > Vulnerability Database > CVE-2024-1729

Mend.io Vulnerability Database

CVE-2024-1729

Good to know:

Date: March 28, 2024

A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation (`app.auth[username] == password`) to validate user credentials, which can be exploited to guess passwords based on response times. Successful exploitation of this vulnerability could allow an attacker to bypass authentication mechanisms and gain unauthorized access.

Language: Python

Severity Score

5.9

Related Resources (7)

Url: https://github.com/gradio-app/gradio/releases/tag/gradio%404.19.2

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-1729

Url: https://github.com/gradio-app/gradio/security/advisories/GHSA-hmx6-r76c-85g9

Url: https://github.com/gradio-app/gradio

Url: https://github.com/gradio-app/gradio/commit/e329f1fd38935213fe0e73962e8cbd5d3af6e87b

Url: https://huntr.com/bounties/f6a10a8d-f538-4cb7-9bb2-85d9f5708124

Url: https://www.mend.io/vulnerability-database/CVE-2024-1729

Severity Score

5.9

Weakness Type (CWE)

Time-of-check Time-of-use (TOCTOU) Race Condition

CWE-367

Top Fix

Upgrade Version

Upgrade to version gradio - 4.19.2

Learn More

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-1729

Good to know:

Date: March 28, 2024

Language: Python

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?