
12 matches found

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-2152

Malware in sbrugna...

CVSS 8.8 | AI score 8.7 | EPSS 0.00186
Exploits: 1 | References: 4

GithubExploit
added 2025/02/05 10:4 a.m., 599 views

Exploit for Path Traversal in Gradio_Project Gradio

CVE-2024-1728 CVE-2024-1728 POC A serious vulnerability has be...

CVSS 7.5 | AI score 7.5 | EPSS 0.85087
Exploits: 2

NVD
added 2024/11/06 8:15 p.m., 13 views

CVE-2024-51751

Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary file...

CVSS 6.5 | EPSS 0.00275
Exploits: 1 | References: 1

Vulnrichment
added 2024/11/06 7:11 p.m., 18 views

CVE-2024-51751 Arbitrary file read with File and UploadButton components in Gradio

Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary file...

CVSS 6.5 | AI score 6.9 | EPSS 0.00275
Exploits: 1 | References: 1

CVE
added 2024/11/06 7:11 p.m., 52 views

CVE-2024-51751

Gradio Arbitrary File Read (CVE-2024-51751): Affects Gradio

CVSS 6.5 | AI score 6.5 | EPSS 0.00275
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2024/11/06 7:11 p.m., 21 views

CVE-2024-51751 Arbitrary file read with File and UploadButton components in Gradio

Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary file...

CVSS 6.5 | EPSS 0.00275
Exploits: 1 | References: 1

OSV
added 2024/11/06 4:29 p.m., 11 views

GHSA-RHM9-GP5P-5248 Gradio vulnerable to arbitrary file read with File and UploadButton components

Summary If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary files from the application server. Details Consider the following application where a user can...

CVSS 8.2 | AI score 6.7 | EPSS 0.00275
Exploits: 1 | References: 3

Veracode
added 2024/04/12 10:13 a.m., 16 views

Local File Inclusion (LFI)

gradio is vulnerable to a Local File Inclusion. This vulnerability is due to improper validation of user-supplied input in the UploadButton component, specifically in the handling of file paths during file uploads to the /queue/join endpoint, which allows attackers to read arbitrary files on the...

CVSS 7.5 | AI score 7 | EPSS 0.85087
Exploits: 2 | References: 3 | Affected Software: 1

Github Security Blog
added 2024/04/10 6:30 p.m., 28 views

Duplicate Advisory: Gradio Local File Inclusion vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-m842-4qm8-7gpq. This link is maintained to preserve external references. Original Description gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied...

CVSS 7.5 | AI score 7.7 | EPSS 0.85087
Exploits: 2 | References: 4 | Affected Software: 1

OSV
added 2024/04/10 5:15 p.m., 24 views

CVE-2024-1728

gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in t...

CVSS 7.5 | AI score 7.8
Exploits: 0 | References: 2

Cvelist
added 2024/04/10 5:7 p.m., 15 views

CVE-2024-1728 Local File Inclusion in gradio-app/gradio

gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in t...

CVSS 7.5 | AI score 7.9 | EPSS 0.85087
Exploits: 2 | References: 2

CVE
added 2024/04/10 5:7 p.m., 97 views

CVE-2024-1728

Gradio has a local file inclusion/path traversal vulnerability in the UploadButton component (affecting Gradio prior to 4.19.2). Attackers could read arbitrary files on the host (e.g., private keys) by manipulating the file path in requests to /queue/join, with potential remote code execution ris...

CVSS 7.5 | AI score 7.3 | EPSS 0.85087
Exploits: 2 | References: 2 | Affected Software: 1