Gradio makes the `/file` secure against file traversal and server-side request forgery attacks

🗓️ 21 Dec 2023 18:28:24Reported by GoogleType

osv🔗 osv.dev👁 15 Views

Gradio /file security fix in version 4.11.

Reporter	Title	Published	Views	Family All 17
OSV	CVE-2023-51449	22 Dec 202321:15	–	osv
OSV	PYSEC-2023-249	22 Dec 202321:15	–	osv
OSV	CVE-2024-3234	6 Jun 202419:16	–	osv
NVD	CVE-2023-51449	22 Dec 202321:15	–	nvd
NVD	CVE-2024-3234	6 Jun 202419:16	–	nvd
CVE	CVE-2023-51449	22 Dec 202321:15	–	cve
CVE	CVE-2024-3234	6 Jun 202419:16	–	cve
Veracode	Path Traversal	22 Dec 202311:08	–	veracode
Cvelist	CVE-2023-51449 Make the `/file` secure against file traversal attacks	22 Dec 202320:58	–	cvelist
Cvelist	CVE-2024-3234 Path Traversal in gaizhenbiao/chuanhuchatgpt	6 Jun 202418:20	–	cvelist

Source	Link
github	www.github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-51449
github	www.github.com/gradio-app/gradio/commit/1b9d4234d6c25ef250d882c7b90e1f4039ed2d76
github	www.github.com/gradio-app/gradio/commit/7ba8c5da45b004edd12c0460be9222f5b5f5f055
github	www.github.com/gradio-app/gradio
github	www.github.com/pypa/advisory-database/tree/main/vulns/gradio/PYSEC-2023-249.yaml

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

21 Dec 2023 18:24Current

7.5High risk

Vulners AI Score7.5

CVSS35.6 - 7.5

EPSS0.20855

SSVC