3 matches found
CVE-2024-12217 Path Traversal in gradio-app/gradio
A vulnerability in the gradio-app/gradio repository, version git 67e4044, allows for path traversal on Windows OS. The implementation of the blockedpath functionality, which is intended to disallow users from reading certain files, is flawed. Specifically, while the application correctly blocks...
CVE-2024-1561
An issue was discovered in gradio-app/gradio, where the /componentserver endpoint improperly allows the invocation of any method on a Component class with attacker-controlled arguments. Specifically, by exploiting the moveresourcetoblockcache method of the Block class, an attacker can copy any fi...
CVE-2024-1540
A command injection vulnerability exists in the deploy+test-visual.yml workflow of the gradio-app/gradio repository, due to improper neutralization of special elements used in a command. This vulnerability allows attackers to execute unauthorized commands, potentially leading to unauthorized...