Safety vulnerability ID: 71659
The information on this page was manually curated by our Cybersecurity Intelligence Team.
A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation (`app.auth[username] == password`) to validate user credentials, which can be exploited to guess passwords based on response times. Successful exploitation of this vulnerability could allow an attacker to bypass authentication mechanisms and gain unauthorized access.
Latest version: 5.9.1
Python library for easily interacting with trained machine learning models
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application