6 matches found

GithubExploit
added 2025/02/05 10:4 a.m., 602 views

Exploit for Path Traversal in Gradio_Project Gradio

CVE-2024-1728 CVE-2024-1728 POC A serious vulnerability has be...

CVSS 7.5, AI score 7.5, EPSS 0.85087
Exploits: 2

Vulnrichment
added 2024/11/06 7:11 p.m., 18 views

CVE-2024-51751 Arbitrary file read with File and UploadButton components in Gradio

Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary file...

CVSS 6.5, AI score 6.9, EPSS 0.00275
Exploits: 1, References: 1

Cvelist
added 2024/11/06 7:11 p.m., 21 views

CVE-2024-51751 Arbitrary file read with File and UploadButton components in Gradio

Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary file...

CVSS 6.5, EPSS 0.00275
Exploits: 1, References: 1

CVE
added 2024/11/06 7:11 p.m., 56 views

CVE-2024-51751

Gradio Arbitrary File Read (CVE-2024-51751): Affects Gradio

CVSS 6.5, AI score 6.5, EPSS 0.00275
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2024/04/10 5:7 p.m., 15 views

CVE-2024-1728 Local File Inclusion in gradio-app/gradio

gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in t...

CVSS 7.5, AI score 7.9, EPSS 0.85087
Exploits: 2, References: 2

CVE
added 2024/04/10 5:7 p.m., 102 views

CVE-2024-1728

Gradio has a local file inclusion/path traversal vulnerability in the UploadButton component (affecting Gradio prior to 4.19.2). Attackers could read arbitrary files on the host (e.g., private keys) by manipulating the file path in requests to /queue/join, with potential remote code execution ris...

CVSS 7.5, AI score 7.3, EPSS 0.85087
Exploits: 2, References: 2, Affected Software: 1