Download of code without integrity check in Gradio - CVE-2024-47867
Published: October 10, 2024 / Updated: April 28, 2026
Gradio
Detailed vulnerability description
The vulnerability allows a remote attacker to introduce malicious code.
The vulnerability exists because the FRP client download mechanism does not properly verify the integrity of the binary it downloads from a remote URL. A remote attacker can modify the downloaded binary to introduce malicious code.
Exploitation requires access to the remote URL from which the FRP client is downloaded.
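One way to add the missing check, as an added example (not Gradio's code and not taken from the advisory): the expected SHA-256 is pinned on the client side, and the downloaded bytes are only installed and made executable if they match. The names `install_verified` and `IntegrityError`, the file names, and the sample bytes are assumptions made for illustration.

```python
import hashlib
import io
import os
import tempfile
from pathlib import Path

CHUNK = 64 * 1024

class IntegrityError(Exception):
    """Raised when downloaded bytes do not match the pinned digest."""

def install_verified(stream, dest, pinned_sha256):
    """Copy `stream` (any file-like object, e.g. an HTTP response) to a
    temp file while hashing it; move it to `dest` only if the digest matches."""
    dest = Path(dest)
    fd, tmp = tempfile.mkstemp(dir=dest.parent, prefix=dest.name + ".part-")
    try:
        h = hashlib.sha256()
        with os.fdopen(fd, "wb") as out:
            for chunk in iter(lambda: stream.read(CHUNK), b""):
                h.update(chunk)
                out.write(chunk)
        got = h.hexdigest()
        if got != pinned_sha256.lower():
            raise IntegrityError(f"{dest.name}: expected {pinned_sha256}, got {got}")
        os.chmod(tmp, 0o755)      # executable bit is set only after verification
        os.replace(tmp, dest)     # atomic: dest never holds unverified bytes
    finally:
        if os.path.exists(tmp):   # still present only when verification failed
            os.unlink(tmp)
    return dest

def demo():
    # Constructed sample data. In real use the pinned digest ships with the
    # package and is never fetched from the same server as the binary.
    good = b"\x7fELF constructed sample binary"
    tampered = good + b" modified in transit or at the source"
    pinned = hashlib.sha256(good).hexdigest()
    with tempfile.TemporaryDirectory() as d:
        ok = install_verified(io.BytesIO(good), Path(d) / "frpc", pinned)
        result = {"good_installed": ok.exists()}
        try:
            install_verified(io.BytesIO(tampered), Path(d) / "frpc_bad", pinned)
            result["tampered_rejected"] = False
        except IntegrityError:
            result["tampered_rejected"] = True
        result["leftovers"] = sorted(p.name for p in Path(d).iterdir())
    return result

if __name__ == "__main__":
    print(demo())
```

The digest has to reach the client through a channel other than the download URL; a checksum file hosted next to the binary can be replaced along with it.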