{"vulnerability": "cve-2024-4787", "sightings": [{"uuid": "4da577f0-b2ae-4a6c-bf1a-988b61570831", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47873", "type": "seen", "source": "MISP/1c5c38d6-3401-41ac-be0e-4cf361fa6f51", "content": "", "creation_timestamp": "2025-09-25T00:36:28.000000Z"}, {"uuid": "a3c0065e-5e5b-4f71-bb6d-02d6e42fc3f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47877", "type": "seen", "source": "https://t.me/cvedetector/7712", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47877 - Extract Library Symlink Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47877 \nPublished : Oct. 11, 2024, 5:15 p.m. | 16\u00a0minutes ago \nDescription : Extract is a Go library to extract archives in zip, tar.gz or tar.bz2 formats. A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. This vulnerability is fixed in 4.0.0. If you're using the Extractor.FS interface, then upgrading to /v4 will require to implement the new methods that have been added. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-11T19:33:22.000000Z"}, {"uuid": "4c10c373-788b-4e31-8aa3-50333c0c2abf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47875", "type": "seen", "source": "https://t.me/cvedetector/7686", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47875 - DOMPurify Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-47875 \nPublished : Oct. 
11, 2024, 3:15 p.m. | 31\u00a0minutes ago \nDescription : DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3. \nSeverity: 10.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-11T17:51:49.000000Z"}, {"uuid": "80cc50cf-df84-43e0-957d-67871cf91375", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47872", "type": "seen", "source": "https://t.me/cvedetector/7654", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47872 - Gradio Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47872 \nPublished : Oct. 10, 2024, 11:15 p.m. | 34\u00a0minutes ago \nDescription : Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **Cross-Site Scripting (XSS)** on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users download or view these files, the scripts will execute in their browser, allowing attackers to perform unauthorized actions or steal sensitive information from their sessions. This impacts any Gradio server that allows file uploads, particularly those using components that process or display user-uploaded files. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can restrict the types of files that can be uploaded to the Gradio server by limiting uploads to non-executable file types such as images or text. 
Additionally, developers can implement server-side validation to sanitize uploaded files, ensuring that HTML, JavaScript, and SVG files are properly handled or rejected before being stored or displayed to users. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-11T01:58:10.000000Z"}, {"uuid": "27f949ee-20b9-4e65-a5b3-3bdc9e345eee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47871", "type": "seen", "source": "https://t.me/cvedetector/7653", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47871 - Gradio FRP Insecure Communication RCE\", \n  \"Content\": \"CVE ID : CVE-2024-47871 \nPublished : Oct. 10, 2024, 11:15 p.m. | 34\u00a0minutes ago \nDescription : Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **insecure communication** between the FRP (Fast Reverse Proxy) client and server when Gradio's `share=True` option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and read files uploaded to the Gradio server, as well as modify responses or data sent between the client and server. This impacts users who are sharing Gradio demos publicly over the internet using `share=True` without proper encryption, exposing sensitive data to potential eavesdroppers. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can avoid using `share=True` in production environments and instead host their Gradio applications on servers with HTTPS enabled to ensure secure communication. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-11T01:58:10.000000Z"}, {"uuid": "f0aa7ed9-5403-4ba1-a4bc-47cb3ce38940", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47870", "type": "seen", "source": "https://t.me/cvedetector/7648", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47870 - Gradio URL Hijacking Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47870 \nPublished : Oct. 10, 2024, 11:15 p.m. | 34\u00a0minutes ago \nDescription : Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **race condition** in the `update_root_in_config` function, allowing an attacker to modify the `root` URL used by the Gradio frontend to communicate with the backend. By exploiting this flaw, an attacker can redirect user traffic to a malicious server. This could lead to the interception of sensitive data such as authentication credentials or uploaded files. This impacts all users who connect to a Gradio server, especially those exposed to the internet, where malicious actors could exploit this race condition. Users are advised to upgrade to `gradio>=5` to address this issue. There are no known workarounds for this issue. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-11T01:58:03.000000Z"}, {"uuid": "1f2bfc9f-ce81-4440-88eb-8e5c7329728f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47876", "type": "seen", "source": "https://t.me/cvedetector/7932", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47876 - Sakai Roleview Kernel User Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-47876 \nPublished : Oct. 15, 2024, 4:15 p.m. | 19\u00a0minutes ago \nDescription : Sakai is a Collaboration and Learning Environment. Starting in version 23.0 and prior to version 23.2, kernel users created with type roleview can log in as a normal user. This can result in illegal access being granted to the system. Version 23.3 fixes this vulnerability. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-15T18:36:54.000000Z"}, {"uuid": "f5a092c4-bd24-4851-92bf-ed29b2670646", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47873", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113505054477519291", "content": "", "creation_timestamp": "2024-11-18T17:08:04.331299Z"}, {"uuid": "3625ae7b-1d74-4153-89a3-2e01c12a520d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47873", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113505700408685113", "content": "", "creation_timestamp": "2024-11-18T19:52:20.606809Z"}, {"uuid": "5f1675fe-8538-4f14-9f20-ca03de65e1ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47875", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3ly226ri5cl2t", "content": "", "creation_timestamp": "2025-09-04T21:02:28.442448Z"}, {"uuid": "b8898f63-11a7-4796-be4b-c0f9cb0ee93c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47875", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-043-03", "content": "", "creation_timestamp": "2026-02-12T11:00:00.000000Z"}, {"uuid": "29d4bb5a-34fd-4dde-9b88-4f70fee7aca6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47875", "type": 
"published-proof-of-concept", "source": "Telegram/WY-9Xxj10-yIxNz5etQKEpBxWDUt-r9BmVVxJ6woOOCN4dI", "content": "", "creation_timestamp": "2025-09-02T19:00:08.000000Z"}, {"uuid": "4063a53d-10ad-41d9-a756-f37005ef7973", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47875", "type": "published-proof-of-concept", "source": "Telegram/ZajECAXxVemPspodPVVRmSZ4HkKXIVfRoYTrMcXgDznCg3c", "content": "", "creation_timestamp": "2025-09-02T21:00:05.000000Z"}, {"uuid": "4f90413d-df7a-44e4-a88b-eb9871907655", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47873", "type": "seen", "source": "https://t.me/cvedetector/11378", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-48917 - Apache PhpSpreadsheet XXE Encoder Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-48917 \nPublished : Nov. 18, 2024, 8:15 p.m. | 16\u00a0minutes ago \nDescription : PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The `XmlScanner` class has a scan method which should prevent XXE attacks. However, in a bypass of the previously reported `CVE-2024-47873`, the regexes from the `findCharSet` method, which is used for determining the current encoding can be bypassed by using a payload in the encoding UTF-7, and adding at end of the file a comment with the value `encoding=\"UTF-8\"` with `\"`, which is matched by the first regex, so that `encoding='UTF-7'` with single quotes `'` in the XML header is not matched by the second regex. An attacker can bypass the sanitizer and achieve an XML external entity attack. Versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0 fix the issue. 
\nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-18T21:34:11.000000Z"}, {"uuid": "76ecd381-a6e2-427c-a312-7f5d5e21a02a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47873", "type": "seen", "source": "https://t.me/cvedetector/11368", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47873 - PhpSpreadsheet XXE Payload Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47873 \nPublished : Nov. 18, 2024, 5:15 p.m. | 42\u00a0minutes ago \nDescription : PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the `scan` method and the findCharSet method can be bypassed by using UCS-4 and encoding guessing. An attacker can bypass the sanitizer and achieve an XML external entity attack. Versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0 fix the issue. 
\nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-18T19:03:53.000000Z"}, {"uuid": "3407f455-ba77-4d6c-be36-85475fab215e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47879", "type": "seen", "source": "https://t.me/cvedetector/8864", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47879 - OpenRefine CSRF rststem Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47879 \nPublished : Oct. 24, 2024, 9:15 p.m. | 36\u00a0minutes ago \nDescription : OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the `preview-expression` command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can contain arbitrary Clojure or Python code. The attacker must know a valid project ID of a project that contains at least one row, and the attacker must convince the victim to open a malicious webpage. Version 3.8.3 fixes the issue. 
\nSeverity: 7.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T00:21:44.000000Z"}, {"uuid": "f5c99eeb-8cb0-47bf-b2be-053655b7d930", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47878", "type": "seen", "source": "https://t.me/cvedetector/8860", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47878 - OpenRefine Unvalidated Script Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47878 \nPublished : Oct. 24, 2024, 9:15 p.m. | 36\u00a0minutes ago \nDescription : OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the `/extension/gdata/authorized` endpoint includes the `state` GET parameter verbatim in a `\",\n  \"Detection Date\": \"24 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T00:21:38.000000Z"}, {"uuid": "62475ba9-8272-489f-a7c3-76192bebab9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47874", "type": "seen", "source": "https://t.me/cvedetector/7931", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47874 - Starlette Multipart Form Field Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47874 \nPublished : Oct. 15, 2024, 4:15 p.m. | 19\u00a0minutes ago \nDescription : Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats `multipart/form-data` parts without a `filename` as text form fields and buffers those in byte strings with no size limit. 
This allows an attacker to upload arbitrary large form fields and cause Starlette to both slow down significantly due to excessive memory allocations and copy operations, and also consume more and more memory until the server starts swapping and grinds to a halt, or the OS terminates the server process with an OOM error. Uploading multiple such requests in parallel may be enough to render a service practically unusable, even if reasonable request size limits are enforced by a reverse proxy in front of Starlette. This Denial of service (DoS) vulnerability affects all applications built with Starlette (or FastAPI) accepting form requests. Version 0.40.0 fixes this issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-15T18:36:50.000000Z"}, {"uuid": "67b8b06f-6bc8-40e0-b848-12207a3dee77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47873", "type": "seen", "source": "Telegram/XbzNykNWGXm_6ZX2UF7ghboXRUl3-qKeYhpGWT2smNTQTNvH", "content": "", "creation_timestamp": "2025-03-08T04:35:51.000000Z"}]}