Information Exposure Through Timing Discrepancy in Gradio - CVE-2024-47869
Published: October 10, 2024 / Updated: April 28, 2026
Gradio
Detailed vulnerability description
The vulnerability allows a remote attacker to gain unauthorized access to the analytics dashboard.
The vulnerability exists due to observable timing discrepancies in hash comparison in the analytics_dashboard function when comparing attacker-supplied keys against the expected hash. A remote attacker can send repeated requests and measure response times to infer the correct hash byte by byte and thereby gain unauthorized access to the analytics dashboard.
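The early-exit comparison behind this kind of timing discrepancy, shown next to a constant-time replacement, as an added Python example that is not Gradio's code. The function names and the sample hash are constructed for illustration, and a count of characters examined stands in for response time.

```python
import hashlib
import hmac
from typing import Tuple

# Constructed sample value standing in for the expected hash (not a real key).
EXPECTED_HASH = hashlib.sha256(b"constructed-dashboard-key").hexdigest()


def leaky_equals(supplied: str, expected: str) -> Tuple[bool, int]:
    """Early-exit comparison. Returns (match, characters_examined).

    characters_examined stands in for elapsed time: it grows with the
    length of the correct prefix, which is the observable discrepancy.
    """
    examined = 0
    if len(supplied) != len(expected):
        return False, examined
    for a, b in zip(supplied, expected):
        examined += 1
        if a != b:
            return False, examined
    return True, examined


def constant_time_equals(supplied: str, expected: str) -> bool:
    """Hardened check: work done does not depend on where the values differ."""
    # Encode first: compare_digest rejects non-ASCII str arguments.
    return hmac.compare_digest(supplied.encode("utf-8"), expected.encode("utf-8"))


def wrong_guess(correct_prefix_len: int) -> str:
    """Constructed input: correct for the first n characters, then 'g' (not hex)."""
    pad = "g" * (len(EXPECTED_HASH) - correct_prefix_len)
    return EXPECTED_HASH[:correct_prefix_len] + pad


if __name__ == "__main__":
    for n in (0, 8, 32):
        match, examined = leaky_equals(wrong_guess(n), EXPECTED_HASH)
        print(f"leaky: prefix={n:2d} examined={examined:2d} match={match}")
        fixed = constant_time_equals(wrong_guess(n), EXPECTED_HASH)
        print(f"fixed: prefix={n:2d} match={fixed}")
```

Rate limiting and logging of repeated failed key submissions to the dashboard endpoint complement the constant-time comparison but do not replace it.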