gradio@3.0b9 vulnerabilities

Python library for easily interacting with trained machine learning models

Direct Vulnerabilities

Known vulnerabilities in the gradio package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Server-side Request Forgery (SSRF)

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to no restrictions on the URL, in the save_url_to_cache function. An attacker can access and download local resources and sensitive information.

How to fix Server-side Request Forgery (SSRF)?

There is no fixed version for gradio.

[0,)
  • H
Race Condition

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Race Condition due to improper isolation in functions update_root_in_config and route handlers that access and modify blocks.config. Attackers can exploit this by sending requests with malicious headers, such as X-Forwarded-Host, to inject a fake root URL into the application's configuration.

How to fix Race Condition?

Upgrade gradio to version 5.0.0b5 or higher.

[,5.0.0b5)
  • H
Directory Traversal

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Directory Traversal via the /custom_component endpoint. An attacker can access and leak source code from custom components by manipulating the file path in the request.

How to fix Directory Traversal?

Upgrade gradio to version 4.44.0 or higher.

[,4.44.0)
  • H
Origin Validation Error

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Origin Validation Error due to the CustomCORSMiddleware class. An attacker can make unauthorized requests and potentially access sensitive data.

How to fix Origin Validation Error?

Upgrade gradio to version 4.44.0 or higher.

[,4.44.0)
  • M
Timing Attack

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Timing Attack due to the analytics_dashboard function. An attacker can infer the correct hash byte-by-byte by measuring the response time of different requests, leading to unauthorized access to the analytics dashboard.

How to fix Timing Attack?

Upgrade gradio to version 4.44.0 or higher.

[,4.44.0)
  • L
Always-Incorrect Control Flow Implementation

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to the improper handling of the enable_monitoring flag. An attacker can access sensitive application analytics by directly requesting the /monitoring endpoint.

Note: This is only exploitable if the enable_monitoring flag is set to False.

How to fix Always-Incorrect Control Flow Implementation?

Upgrade gradio to version 4.44.0 or higher.

[,4.44.0)
  • M
Origin Validation Error

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Origin Validation Error due the localhost_aliases variable including "null" as a valid origin, when the server is deployed locally. An attacker can make unauthorized requests from sandboxed iframes or other sources with a null origin, potentially leading to data theft, such as user authentication tokens or uploaded files.

How to fix Origin Validation Error?

Upgrade gradio to version 5.0.0 or higher.

[,5.0.0)
  • M
Directory Traversal

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Directory Traversal within the is_in_or_equal function. An attacker can access restricted files by manipulating file paths using parent directory sequences (..).

How to fix Directory Traversal?

Upgrade gradio to version 5.0.0 or higher.

[,5.0.0)
  • H
Race Condition

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Race Condition in the update_root_in_config function. An attacker can redirect user traffic to a malicious server, potentially intercepting sensitive data such as authentication credentials or uploaded files.

How to fix Race Condition?

Upgrade gradio to version 5.0.0 or higher.

[,5.0.0)
  • M
Directory Traversal

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Directory Traversal through the post-processing step. An attacker can expose sensitive files by crafting requests that bypass expected input constraints.

Notes: If combined with other vulnerabilities that facilitate unauthorized file access, this could lead to sensitive files being exposed to unauthorized users.

The vulnerable Components are:

  1. String to FileData: DownloadButton, Audio, ImageEditor, Video, Model3D, File, UploadButton

  2. Complex data to FileData: Chatbot, MultimodalTextbox

  3. Direct file read in preprocess: Code

  4. Dictionary converted to FileData: ParamViewer, Dataset

How to fix Directory Traversal?

Upgrade gradio to version 5.0.0 or higher.

[,5.0.0)
  • M
Cross-site Scripting (XSS)

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to inadequate file type restrictions or server-side validation for the upload of HTML, JS, or SVG files. An attacker can execute unauthorized actions or steal sensitive information by uploading malicious scripts that execute when other users download or view these files.

How to fix Cross-site Scripting (XSS)?

Upgrade gradio to version 5.0.0 or higher.

[,5.0.0)
  • M
Server-side Request Forgery (SSRF)

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the async_save_url_to_cache function in the /queue/join endpoint. An attacker can send HTTP requests to user-controlled URLs, potentially targeting internal servers or services within a local network and possibly exfiltrating data or causing unwanted internal requests.

How to fix Server-side Request Forgery (SSRF)?

Upgrade gradio to version 5.0.0 or higher.

[,5.0.0)
  • H
Resources Downloaded over Insecure Protocol

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol due to the lack of integrity checking on the downloaded FRP client. An attacker can introduce malicious code by modifying the binary without detection if they gain access to the remote URL from which the FRP client is downloaded.

Note: This vulnerability impacts any users utilizing the server's sharing mechanism that download the FRP client, especially those relying on the executable binary for secure data tunneling.

How to fix Resources Downloaded over Insecure Protocol?

Upgrade gradio to version 5.0.0 or higher.

[,5.0.0)
  • M
Improper Input Validation

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Improper Input Validation through the Dropdown component's pre-processing step. An attacker can manipulate input data by sending custom requests with arbitrary values, despite the allow_custom_value parameter being set to False.

How to fix Improper Input Validation?

Upgrade gradio to version 5.0.0 or higher.

[,5.0.0)
  • H
Missing Encryption of Sensitive Data

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data due to insecure communication between the FRP client and server, when the share option is set to true. An attacker can intercept and read files uploaded to the server, as well as modify responses or data sent between the client and server.

How to fix Missing Encryption of Sensitive Data?

Upgrade gradio to version 5.0.0 or higher.

[,5.0.0)
  • M
Arbitrary Code Injection

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper check of the input, when users generate pyi. An attacker can execute arbitrary code by supplying crafted input.

Note:

This vulnerability is disputed by the maintainer because the report is about a user attacking himself.

How to fix Arbitrary Code Injection?

There is no fixed version for gradio.

[0,)
  • M
Open Redirect

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Open Redirect via the file parameter. An attacker can scan and identify open ports within an internal network by discerning the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.

How to fix Open Redirect?

There is no fixed version for gradio.

[0,)
  • H
Server-Side Request Forgery (SSRF)

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) through the /queue/join endpoint and the save_url_to_cache function. An attacker can gain unauthorized access to internal networks or the AWS metadata endpoint by sending crafted requests that exploit insufficient validation of the path parameter.

How to fix Server-Side Request Forgery (SSRF)?

Upgrade gradio to version 5.0.0b1 or higher.

[,5.0.0b1)
  • H
Directory Traversal

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Directory Traversal due to improper input validation in the postprocess function within gradio/components/json_component.py. An attacker can read files on the remote system by sending a crafted JSON object that includes a path key, which is then improperly handled and allows file retrieval from unintended directories.

How to fix Directory Traversal?

Upgrade gradio to version 4.31.3 or higher.

[,4.31.3)
  • M
Improper Access Control

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Improper Access Control due to the improper consideration of the _is_server_fn attribute. An attacker can execute unauthorized functions by exploiting this oversight.

How to fix Improper Access Control?

Upgrade gradio to version 4.13.0 or higher.

[,4.13.0)
  • H
Credential Exposure

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Credential Exposure due to insufficient checks for double-slash patterns in the starts_with_protocol() function.

Note: This vulnerability only exists on Windows.

How to fix Credential Exposure?

Upgrade gradio to version 4.20.0 or higher.

[,4.20.0)
  • M
Server-side Request Forgery (SSRF)

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the file parameter. An attacker can scan and identify open ports within an internal network by discerning the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.

How to fix Server-side Request Forgery (SSRF)?

Upgrade gradio to version 4.10.0 or higher.

[,4.10.0)
  • H
Improper Access Control

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Improper Access Control due to the /component_server endpoint improperly allowing the invocation of any method on a Component class with attacker-controlled arguments. Specifically, by exploiting the move_resource_to_block_cache() method of the Block class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access.

Notes:

  1. It is even more critical because running an app with launch(share=True) will expose the app to the internet allowing anyone to read files on users computers.

  2. All gradio apps hosted on huggingface.co are also vulnerable.

How to fix Improper Access Control?

Upgrade gradio to version 4.13.0 or higher.

[,4.13.0)
  • H
Directory Traversal

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Directory Traversal due to improper validation of user-supplied input in the UploadButton component. An attacker can read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in the request to the /queue/join endpoint. This issue could potentially lead to remote code execution through the handling of file upload paths, allowing attackers to redirect file uploads to unintended locations on the server.

Note

Every Gradio instance utilizing the UploadButton component is vulnerable.

How to fix Directory Traversal?

Upgrade gradio to version 4.19.2 or higher.

[,4.19.2)
  • M
Race Condition

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Race Condition that impacts the synchronization between state and loading status updates. An attacker could disrupt service and cause a denial of service by exploiting this vulnerability.

How to fix Race Condition?

Upgrade gradio to version 4.22.0 or higher.

[,4.22.0)
  • H
Improper Command Line Parameter Handling

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Improper Command Line Parameter Handling due to improper handling of secrets in the continuous integration (CI) process. An attacker can exfiltrate sensitive information by exploiting the misconfiguration in the CI setup.

How to fix Improper Command Line Parameter Handling?

Upgrade gradio to version 4.18.0 or higher.

[,4.18.0)
  • H
Server-Side Request Forgery (SSRF)

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) via the /proxy route. An attacker can manipulate the self.replica_urls set by exploiting weaknesses in the application's handling of the X-Direct-Url header and proxy arbitrary URLs including potential internal endpoints by specifying a target URL.

How to fix Server-Side Request Forgery (SSRF)?

Upgrade gradio to version 4.18.0 or higher.

[,4.18.0)
  • M
Cross-Site Request Forgery (CSRF)

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) due to the flawed implementation of CORS rules that require the host header to be localhost (or one of its aliases) and, if present, the origin header to be localhost (or one of its aliases) as well. An attacker can exploit this by crafting requests that bypass these restrictions.

Note:

This vulnerability has a low impact on the availability of the target system. Sustained attacks may cause the system to not have enough disk space left to operate properly.

How to fix Cross-Site Request Forgery (CSRF)?

Upgrade gradio to version 4.19.2 or higher.

[,4.19.2)
  • H
Arbitrary Command Injection

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Arbitrary Command Injection. A user who can control the value of github.event.workflow_run.head_branch can inject shell commands into the "Generate changeset" workflow.

How to fix Arbitrary Command Injection?

Upgrade gradio to version 4.1.2 or higher.

[,4.1.2)
  • C
Timing Attack

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Timing Attack due to the way string comparisons are handled, allowing them to terminate early upon finding a mismatch. This behavior can be exploited by an attacker to conduct a brute-force attack to guess the password of password-protected applications by making numerous attempts without being rate-limited.

How to fix Timing Attack?

Upgrade gradio to version 4.19.2 or higher.

[,4.19.2)
  • H
Directory Traversal

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Directory Traversal via a vulnerable user-supplied JSON value in an API request. An attacker can read arbitrary files on the server by submitting a crafted JSON payload that exploits path traversal sequences.

How to fix Directory Traversal?

Upgrade gradio to version 4.9.0 or higher.

[,4.9.0)
  • M
Server-side Request Forgery (SSRF)

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) using the /file route since it used to perform a GET/HEAD request to determine if a filepath was a possible URL.

How to fix Server-side Request Forgery (SSRF)?

Upgrade gradio to version 4.10.0 or higher.

[,4.10.0)
  • M
Server-side Request Forgery (SSRF)

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) or path traversal allowing arbitrary file reads, via the /file route. This is exploitable using e.g. the --path-as-is option to curl, but not from a browser.

How to fix Server-side Request Forgery (SSRF)?

Upgrade gradio to version 4.11.0 or higher.

[,4.11.0)
  • H
Improper Input Validation

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Improper Input Validation in /file and /proxy routes. An unauthorized user can access arbitrary files via the /file route, and can perform server side request forgery or expose tokens with a malicious Space via the /proxy route.

How to fix Improper Input Validation?

Upgrade gradio to version 3.34.0 or higher.

[,3.34.0)
  • M
Use of Hard-coded Credentials

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Use of Hard-coded Credentials when using Gradio's share links (i.e. creating a Gradio app and then setting share=True). A private SSH key is sent to any user that connects to the Gradio machine, which means that a user could access other users' shared Gradio demos.

How to fix Use of Hard-coded Credentials?

Upgrade gradio to version 3.13.1 or higher.

[,3.13.1)