CVE-2024-8021
Published 2025-03-20
Priority: P3 · 36 · medium · 6.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EXPLOIT
EPSS: 0.72% (49.4th percentile)
An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an attacker-controlled site.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gradio-app | gradio-app_gradio | unspecified – latest | — |
| gradio_project | gradio | 0 – 4.37.2 | — |
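CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |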
GHSA
Gradio Vulnerable to Open Redirect
ghsa·2025-03-20
CVE-2024-8021 [MEDIUM] CWE-601 Gradio Vulnerable to Open Redirect
OSV
Gradio Vulnerable to Open Redirect
osv·2025-03-20
CVE-2024-8021 [MEDIUM] Gradio Vulnerable to Open Redirect
No detection rules found.
Nuclei
Gradio - Open Redirect
nuclei·CVSS 6.1
CVE-2024-8021 [MEDIUM] Gradio - Open Redirect
Gradio allows an open redirect bypass via URL encoding, enabling attackers to redirect users to malicious sites. This can lead to phishing attacks and loss of trust in the application.
Template:
```yaml
id: CVE-2024-8021
info:
  name: Gradio - Open Redirect
  author: DhiyaneshDK
  severity: medium
  description: |
    Gradio allows an open redirect bypass via URL encoding, enabling attackers to redirect users to malicious sites. This can lead to phishing attacks and loss of trust in the application.
  impact: |
    Attackers can craft malicious URLs with encoded redirects that send users to phishing sites or malicious domains, leading to credential theft and undermining trust in the Gradio application.
  remediation: |
    Update Gradio to a version that addresses the open redirect vulnerabilit
```
No writeups or analysis indexed.
Published: 2025-03-20