CVE-2024-1728
- EPSS 88.81%
- Published 10.04.2024 17:15:53
- Last modified 30.07.2025 14:51:22
gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as priva...
CVE-2024-1729
- EPSS 0.08%
- Published 29.03.2024 05:15:45
- Last modified 30.07.2025 12:43:07
A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation (`app.auth[username] == password`) to validate user ...
CVE-2024-1540
- EPSS 0.4%
- Published 27.03.2024 16:15:09
- Last modified 30.07.2025 19:57:13
A command injection vulnerability exists in the deploy+test-visual.yml workflow of the gradio-app/gradio repository, due to improper neutralization of special elements used in a command. This vulnerability allows attackers to execute unauthorized com...
CVE-2024-2206
- EPSS 0.13%
- Published 27.03.2024 01:15:46
- Last modified 29.07.2025 20:24:44
An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the `/proxy` route. Attackers can exploit this vulnerability by manipulating the `self.replica_urls` set through the `X-Direct-Url` header i...
CVE-2024-1727
- EPSS 0.12%
- Published 21.03.2024 20:15:07
- Last modified 30.07.2025 20:11:16
A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious HTML page that triggers an unauthorized file uploa...
CVE-2024-0964
- EPSS 0.15%
- Published 05.02.2024 23:15:08
- Last modified 21.11.2024 08:47:54
A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.
CVE-2023-51449
- EPSS 80.84%
- Published 22.12.2023 21:15:09
- Last modified 21.11.2024 08:38:08
Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitrary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` ro...
CVE-2023-6572
- EPSS 2.45%
- Published 14.12.2023 14:15:46
- Last modified 21.11.2024 08:44:07
Command Injection in GitHub repository gradio-app/gradio prior to main.
CVE-2023-41626
- EPSS 0.09%
- Published 15.09.2023 23:15:07
- Last modified 21.11.2024 08:21:22
Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface.
CVE-2023-34239
- EPSS 0.26%
- Published 08.06.2023 00:15:09
- Last modified 21.11.2024 08:06:50
Gradio is an open-source Python library that is used to build machine learning and data science applications. Due to a lack of path filtering, Gradio does not properly restrict file access to users. Additionally, Gradio does not properly restrict what URLs are ...