CVE-2024-47870
Published: 10 October 2024
Summary
CVE-2024-47870 is a high-severity Race Condition (CWE-362) vulnerability in Gradio Project Gradio. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 41.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Other Platforms; in the Privacy and Disclosure risk domain; MITRE ATLAS techniques in scope: AI Model Inference API Access (AML.T0040), LLM Prompt Injection (AML.T0051), Manipulate AI Model (AML.T0018).
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-0073
Vulnerability details
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **race condition** in the `update_root_in_config` function, allowing an attacker to modify the `root` URL used by the Gradio frontend to communicate with the backend. By exploiting…
more
this flaw, an attacker can redirect user traffic to a malicious server. This could lead to the interception of sensitive data such as authentication credentials or uploaded files. This impacts all users who connect to a Gradio server, especially those exposed to the internet, where malicious actors could exploit this race condition. Users are advised to upgrade to `gradio>=5` to address this issue. There are no known workarounds for this issue.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Other Platforms
- Risk Domain
- Privacy and Disclosure
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Gradio is an open-source platform for creating web-based UIs and demos for machine learning models, fitting under 'Other Platforms' as it enables rapid prototyping and deployment of AI/ML applications.
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The race condition enables exploitation of a public-facing Gradio web application (T1190), allowing attackers to redirect frontend-to-backend traffic to a malicious server for adversary-in-the-middle interception of sensitive data like credentials (T1557).
MITRE ATLAS TechniquesAI
MITRE ATLAS techniques
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Accurate timestamps from internal clocks enable detection of race conditions by providing reliable event ordering in audit logs.
Coordination of concurrent security activities reduces the probability that shared resources will be accessed simultaneously without proper synchronization.