Gradio Security Vulnerabilities and Issues — Gradio CVE List

Lucene search

Gradio ProjectGradio

9 matches found

CVE•added 2024/04/16 12:15 a.m.•88 views

CVE-2024-1561

An issue was discovered in gradio-app/gradio, where the /component_server endpoint improperly allows the invocation of any method on a Component class with attacker-controlled arguments. Specifically, by exploiting the move_resource_to_block_cache() method of the Block class, an attacker can copy a...

7.5CVSS6AI score0.93452EPSS

CVE•added 2023/12/22 9:15 p.m.•76 views

CVE-2023-51449

Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python function. Versions of gradio prior to 4.11.0 contained a vulnerability in the /file route which made them susceptible to file traversal att...

7.5CVSS6.5AI score0.79587EPSS

CVE•added 2021/12/15 8:15 p.m.•74 views

CVE-2021-43831

Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is a vulnerability that affects anyone who creates and publicly shares Gradio interfaces. File paths are not restricted and users who receive a Gradio link can access any ...

7.7CVSS7.3AI score0.30342EPSS

CVE•added 2024/06/06 6:15 p.m.•53 views

CVE-2024-4941

A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the postprocess() function within gradio/components/json_component.py, where a user-controlled string is parsed as JSON. If the parsed JSON...

7.5CVSS7.3AI score0.00479EPSS

CVE•added 2024/03/27 1:15 a.m.•52 views

CVE-2024-2206

An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the /proxy route. Attackers can exploit this vulnerability by manipulating the self.replica_urls set through the X-Direct-Url header in requests to the / and /config routes, allowing the ad...

7.3CVSS7AI score0.00095EPSS

CVE•added 2024/10/10 11:15 p.m.•48 views

CVE-2024-47867

Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a lack of integrity check on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is downl...

7.5CVSS7.5AI score0.00126EPSS

CVE•added 2024/06/04 8:15 a.m.•47 views

CVE-2024-4253

A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized modification of the base repository or secre...

7.5CVSS7.7AI score0.00872EPSS

CVE•added 2024/10/10 11:15 p.m.•44 views

CVE-2024-47868

Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected i...

7.5CVSS7.5AI score0.00175EPSS

CVE•added 2024/05/05 8:15 p.m.•38 views

CVE-2024-34510

Gradio before 4.20 allows credential leakage on Windows.

7.5CVSS6.8AI score0.00056EPSS