CVE-2023-51449 – gradio
Package
Manager: pip
Name: gradio
Vulnerable Version: >=0 <4.11.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS: 0.79587 (percentile 0.99056)
Details
Gradio makes the `/file` route secure against file traversal and server-side request forgery attacks. Older versions of `gradio` contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks, in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with `share=True`, or on Hugging Face Spaces) if they knew the path of the files to look for. This was not possible through regular URLs passed into a browser, but it was possible through the use of programmatic tools such as `curl` with the `--path-as-is` flag, which sends the request path without normalising it. Furthermore, the `/file` route in Gradio apps also contained a vulnerability that made it possible to use it for SSRF attacks. Both of these vulnerabilities have been fixed in `gradio==4.11.0`.
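The two defects above (traversal out of the served directory, and a file route that can be pointed at a remote location) both come down to one missing check. The following is an added example, not gradio's own code or its actual fix: a defensive resolver for a file-serving route that percent-decodes the request, refuses URL-shaped input, and confines the resolved path to an allowed root. The directory tree, labels and hostname are constructed for the demo.

```python
# Added example, not gradio's own code: a defensive resolver for a
# file-serving route like the `/file` endpoint in the advisory above.
import tempfile
from pathlib import Path
from urllib.parse import unquote, urlsplit

class FileAccessError(ValueError):
    """Raised when a requested path must not be served."""

def resolve_served_path(requested: str, allowed_roots: list[Path]) -> Path:
    """Map a client-supplied path onto the filesystem, or refuse it."""
    # Percent-decode first: a client that sends the raw request line
    # (e.g. curl --path-as-is) can deliver `..` or `%2e%2e` intact.
    decoded = unquote(requested)
    # Refuse anything with a URL scheme or host, so the route can never
    # be pointed at a remote service (the SSRF half of the advisory).
    parts = urlsplit(decoded)
    if parts.scheme or parts.netloc:
        raise FileAccessError("remote locations are not served")
    # Resolve symlinks and `..`, then require the real path to sit inside
    # an allowed root; joining an absolute path replaces the root, so it is checked too.
    for root in allowed_roots:
        real_root = root.resolve()
        real = (real_root / decoded).resolve()
        if real.is_relative_to(real_root) and real.is_file():
            return real
    raise FileAccessError("path is outside the allowed roots")

def demo() -> dict[str, bool]:
    """Serve from a constructed tree and report which requests get through."""
    base = Path(tempfile.mkdtemp())
    (base / "public").mkdir()
    (base / "public" / "readme.txt").write_text("served")
    (base / "private").mkdir()
    (base / "private" / "secret.txt").write_text("never served")
    requests = {  # labels and inputs are constructed for the demo
        "plain": "readme.txt",
        "traversal": "../private/secret.txt",
        "encoded_traversal": "%2e%2e/private/secret.txt",
        "absolute": str(base / "private" / "secret.txt"),
        "url": "http://internal.example/",
    }
    served = {}
    for label, req in requests.items():
        try:
            resolve_served_path(req, [base / "public"])
            served[label] = True
        except FileAccessError:
            served[label] = False
    return served
```

Only the plain request under the allowed root is served; every traversal, absolute and URL-shaped variant is refused before any file is opened.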
Metadata
Created: 2023-12-21T18:24:28Z
Modified: 2024-02-16T21:52:40Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-6qm2-wpxq-7qh2/GHSA-6qm2-wpxq-7qh2.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-6qm2-wpxq-7qh2
Finding: F063
Auto approve: 1