How to fix CVE-2024-8021?

Within 30 days: Identify affected systems running the latest and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Open Redirect affected by CVE-2024-8021?

Organizations using the latest should be aware of moderate risk from CVE-2024-8021 rated CVSS 6.1. Exploitation could compromise the security of affected deployments. Proof-of-concept code is publicly available. Organizations should apply vendor updates when available and monitor for exploitation.

CVE-2024-8021

MEDIUM

2025-03-20 [email protected]

6.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:32 vuln.today

PoC Detected

Mar 26, 2025 - 16:39 vuln.today

Public exploit code

CVE Published

Mar 20, 2025 - 10:15 nvd

MEDIUM 6.1

Description

An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an attacker-controlled site.

Analysis

An open redirect vulnerability exists in the latest version of gradio-app/gradio. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical Context

This vulnerability is classified as Open Redirect (CWE-601), which allows attackers to redirect users to malicious websites via URL manipulation. An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an attacker-controlled site. Affected products include: Gradio Project Gradio.

Affected Products

Gradio Project Gradio.

Remediation

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate redirect destinations against an allowlist, avoid using user input in redirect URLs.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +2.7

CVSS: +30

POC: +20

CVE-2024-8021 vulnerability details – vuln.today

Back

CVE-2024-8021

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2024-8021

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code