CVE-2024-34510

05.05.2024, 20:15

Gradio before 4.20 allows credential leakage on Windows.

Enginsight

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| mitre | CNA | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:U/UI:N |
| CISA-ADP | ADP | - | - | - | - | - |
| CVE | ADP | - | - | - | - | - |

Base Score: CVSS 3.x

EPSS Score Percentile: 17%

| Vendor | Product | Version |
|---|---|---|
| gradio_project | gradio | 𝑥 < 4.20.0 |

𝑥 = Vulnerable software versions

Common Weakness Enumeration

CWE-116 - Improper Encoding or Escaping of Output

The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

References

https://github.com/gradio-app/gradio/
https://www.gradio.app/changelog#4-20-0