CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
9.0%
A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the postprocess()
function within gradio/components/json_component.py
, where a user-controlled string is parsed as JSON. If the parsed JSON object contains a path
key, the specified file is moved to a temporary directory, making it possible to retrieve it later via the /file=..
endpoint. This issue is due to the processing_utils.move_files_to_cache()
function traversing any object passed to it, looking for a dictionary with a path
key, and then copying the specified file to a temporary directory. The vulnerability can be exploited by an attacker to read files on the remote system, posing a significant security risk.