Vulnerability Database

309,364

Total vulnerabilities in the database

CVE-2024-1729

A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation (app.auth[username] == password) to validate user credentials, which can be exploited to guess passwords based on response times. Successful exploitation of this vulnerability could allow an attacker to bypass authentication mechanisms and gain unauthorized access.

Published: Mar 29, 2024
Updated: Nov 16, 2025
CVE: CVE-2024-1729
GHSA: GHSA-hmx6-r76c-85g9
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-367

Affected Software
References

Software	From	Fixed in
gradio	-	4.19.2
gradio_project / gradio	4.18.0	4.19.2

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo