4 matches found
academic-chatgpt (>=0.3.0 <=0.4.1), africanwhisper (>=0.2.1 <=0.9.0) +319 more potentially affected by CVE-2024-12217 via gradio (>=1.7.7 <=5.0.1)
gradio PYPI version =1.7.7, =0.3.0, =0.2.1, =0.1.5, =0.0.6, =0.0.2, =0.1.0, =0.8.11, =0.4.0, =0.0.4, =0.7.0.dev134, =0.7.0.dev143 - anymodality =0.1.0 - apillava =0.1.0 and more Source cves: CVE-2024-12217 Source advisory: OSV:GHSA-PRPG-P95C-32FV...
CVE-2024-12217 Path Traversal in gradio-app/gradio
A vulnerability in the gradio-app/gradio repository, version git 67e4044, allows for path traversal on Windows OS. The implementation of the blockedpath functionality, which is intended to disallow users from reading certain files, is flawed. Specifically, while the application correctly blocks...
CVE-2024-12217
CVE-2024-12217 affects the gradio-app/gradio project (commit git 67e4044). The flaw in the blocked_path implementation on Windows allows path traversal via NTFS Alternate Data Streams syntax (e.g., C:/tmp/secret.txt::$DATA), bypassing blocks that prevent access to restricted files and enabling re...
CVE-2024-12217 Path Traversal in gradio-app/gradio
A vulnerability in the gradio-app/gradio repository, version git 67e4044, allows for path traversal on Windows OS. The implementation of the blockedpath functionality, which is intended to disallow users from reading certain files, is flawed. Specifically, while the application correctly blocks...