CVE-2023-51449
CVSS V2 None
CVSS V3 None
Description
Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitrary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks, in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with `share=True`, or on Hugging Face Spaces) if they knew the path of the files to look for. This issue has been patched in version 4.11.0.
Overview
- CVE ID
- CVE-2023-51449
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-12-22T20:58:36.185Z
- Last Modified Date
- 2024-06-20T18:27:57.779Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2 | x_refsource_CONFIRM |
https://github.com/gradio-app/gradio/commit/1b9d4234d6c25ef250d882c7b90e1f4039ed2d76 | x_refsource_MISC |
https://github.com/gradio-app/gradio/commit/7ba8c5da45b004edd12c0460be9222f5b5f5f055 | x_refsource_MISC |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-51449 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51449 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-24 18:32:26 | Added to TrackCVE |