gradio@1.1.8 vulnerabilities
Python library for easily interacting with trained machine learning models
-
latest version
4.44.0
-
first published
6 years ago
-
latest version published
18 days ago
-
licenses detected
- [0.9.8,)
Direct Vulnerabilities
Known vulnerabilities in the gradio package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper check of the input, when users generate Note: This vulnerability is disputed by the maintainer because the report is about a user attacking himself. How to fix Arbitrary Code Injection? There is no fixed version for |
[0,)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Open Redirect via the How to fix Open Redirect? There is no fixed version for |
[0,)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) through the How to fix Server-Side Request Forgery (SSRF)? Upgrade |
[,5.0.0b1)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Directory Traversal due to improper input validation in the How to fix Directory Traversal? Upgrade |
[,4.31.3)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Improper Access Control due to the improper consideration of the How to fix Improper Access Control? Upgrade |
[,4.13.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Credential Exposure due to insufficient checks for double-slash patterns in the Note: This vulnerability only exists on Windows. How to fix Credential Exposure? Upgrade |
[,4.20.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the How to fix Server-side Request Forgery (SSRF)? Upgrade |
[,4.10.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Improper Access Control due to the Notes:
How to fix Improper Access Control? Upgrade |
[,4.13.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Directory Traversal due to improper validation of user-supplied input in the Note Every Gradio instance utilizing the UploadButton component is vulnerable. How to fix Directory Traversal? Upgrade |
[,4.19.2)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Race Condition that impacts the synchronization between state and loading status updates. An attacker could disrupt service and cause a denial of service by exploiting this vulnerability. How to fix Race Condition? Upgrade |
[,4.22.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Improper Command Line Parameter Handling due to improper handling of secrets in the continuous integration (CI) process. An attacker can exfiltrate sensitive information by exploiting the misconfiguration in the CI setup. How to fix Improper Command Line Parameter Handling? Upgrade |
[,4.18.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) via the How to fix Server-Side Request Forgery (SSRF)? Upgrade |
[,4.18.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) due to the flawed implementation of CORS rules that require the Note: This vulnerability has a low impact on the availability of the target system. Sustained attacks may cause the system to not have enough disk space left to operate properly. How to fix Cross-Site Request Forgery (CSRF)? Upgrade |
[,4.19.2)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Arbitrary Command Injection. A user who can control the value of How to fix Arbitrary Command Injection? Upgrade |
[,4.1.2)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Timing Attack due to the way string comparisons are handled, allowing them to terminate early upon finding a mismatch. This behavior can be exploited by an attacker to conduct a brute-force attack to guess the password of password-protected applications by making numerous attempts without being rate-limited. How to fix Timing Attack? Upgrade |
[,4.19.2)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Directory Traversal via a vulnerable user-supplied JSON value in an API request. An attacker can read arbitrary files on the server by submitting a crafted JSON payload that exploits path traversal sequences. How to fix Directory Traversal? Upgrade |
[,4.9.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) using the How to fix Server-side Request Forgery (SSRF)? Upgrade |
[,4.10.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) or path traversal allowing arbitrary file reads, via the How to fix Server-side Request Forgery (SSRF)? Upgrade |
[,4.11.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Improper Input Validation in How to fix Improper Input Validation? Upgrade |
[,3.34.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Use of Hard-coded Credentials when using Gradio's share links (i.e. creating a Gradio app and then setting How to fix Use of Hard-coded Credentials? Upgrade |
[,3.13.1)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Improper Neutralization of Formula Elements in a CSV File via the How to fix Improper Neutralization of Formula Elements in a CSV File? Upgrade |
[,2.8.11)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Arbitrary File Read due to missing file path validation in How to fix Arbitrary File Read? Upgrade |
[,2.6.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Arbitrary File Read via shared How to fix Arbitrary File Read? Upgrade |
[,2.5.0)
|