Race condition in Gradio - CVE-2024-47870
Published: October 10, 2024 / Updated: April 28, 2026
Gradio
Detailed vulnerability description
The vulnerability allows a remote attacker to redirect user traffic to a malicious server.
The vulnerability exists due to a race condition in the update_root_in_config function, which updates the root URL that the frontend uses to communicate with the backend. A remote attacker can modify the root URL to redirect user traffic to a malicious server.
This may enable interception of sensitive data such as authentication credentials or uploaded files.
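The class of race described above, shown as an added example (not Gradio's code and not part of the advisory). It assumes the root is written per request into a config object shared by all requests; the function names and sample URLs are constructed for illustration.

```python
import copy
import json

# Constructed stand-in for an application-wide config shared by every request.
SHARED_CONFIG = {"root": None, "title": "demo"}


def update_root_shared(config, root):
    """Racy pattern: writes the per-request root into the shared dict."""
    if config.get("root") != root:
        config["root"] = root
    return config


def update_root_copy(config, root):
    """Hardened pattern: the shared dict is never written to;
    each request works on its own deep copy."""
    local = copy.deepcopy(config)
    local["root"] = root
    return local


def handle(update, shared, root):
    """One request modelled as a generator: set the root, reach a
    scheduling point, then serialize the config sent to the frontend."""
    config = update(shared, root)
    yield  # another request may be scheduled here
    yield json.loads(json.dumps(config))["root"]


def interleave(update, root_a, root_b):
    """Run request A to its scheduling point, let request B complete,
    then let A build its response. Returns the root each client
    receives and the root left in the shared config."""
    shared = copy.deepcopy(SHARED_CONFIG)
    a = handle(update, shared, root_a)
    b = handle(update, shared, root_b)
    next(a)            # A has set its root but not yet responded
    next(b)            # B sets its root
    seen_b = next(b)   # B responds
    seen_a = next(a)   # A responds after B has run
    return seen_a, seen_b, shared["root"]


if __name__ == "__main__":
    a, b = "https://app.example.test", "https://other.example.test"
    print("shared state:", interleave(update_root_shared, a, b))
    print("per-request copy:", interleave(update_root_copy, a, b))
```

With the shared-state version, request A's response carries the root set by request B; with the per-request copy, each response carries its own root and the shared config is unchanged.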