gradio@3.45.0b7 vulnerabilities

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to no restrictions on the URL, in the save_url_to_cache function. An attacker can access and download local resources and sensitive information.

There is no fixed version for gradio.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Race Condition due to improper isolation in functions update_root_in_config and route handlers that access and modify blocks.config. Attackers can exploit this by sending requests with malicious headers, such as X-Forwarded-Host, to inject a fake root URL into the application's configuration.

Upgrade gradio to version 5.0.0b5 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Directory Traversal via the /custom_component endpoint. An attacker can access and leak source code from custom components by manipulating the file path in the request.

Upgrade gradio to version 4.44.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Origin Validation Error due to the CustomCORSMiddleware class. An attacker can make unauthorized requests and potentially access sensitive data.

Upgrade gradio to version 4.44.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Timing Attack due to the analytics_dashboard function. An attacker can infer the correct hash byte-by-byte by measuring the response time of different requests, leading to unauthorized access to the analytics dashboard.

Upgrade gradio to version 4.44.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to the improper handling of the enable_monitoring flag. An attacker can access sensitive application analytics by directly requesting the /monitoring endpoint.

Note: This is only exploitable if the enable_monitoring flag is set to False.

Upgrade gradio to version 4.44.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Origin Validation Error due the localhost_aliases variable including "null" as a valid origin, when the server is deployed locally. An attacker can make unauthorized requests from sandboxed iframes or other sources with a null origin, potentially leading to data theft, such as user authentication tokens or uploaded files.

Upgrade gradio to version 5.0.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Directory Traversal within the is_in_or_equal function. An attacker can access restricted files by manipulating file paths using parent directory sequences (..).

Upgrade gradio to version 5.0.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Race Condition in the update_root_in_config function. An attacker can redirect user traffic to a malicious server, potentially intercepting sensitive data such as authentication credentials or uploaded files.

Upgrade gradio to version 5.0.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Directory Traversal through the post-processing step. An attacker can expose sensitive files by crafting requests that bypass expected input constraints.

Notes: If combined with other vulnerabilities that facilitate unauthorized file access, this could lead to sensitive files being exposed to unauthorized users.

The vulnerable Components are:

1. String to FileData: DownloadButton, Audio, ImageEditor, Video, Model3D, File, UploadButton

2. Complex data to FileData: Chatbot, MultimodalTextbox

3. Direct file read in preprocess: Code

4. Dictionary converted to FileData: ParamViewer, Dataset

Upgrade gradio to version 5.0.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to inadequate file type restrictions or server-side validation for the upload of HTML, JS, or SVG files. An attacker can execute unauthorized actions or steal sensitive information by uploading malicious scripts that execute when other users download or view these files.

Upgrade gradio to version 5.0.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the async_save_url_to_cache function in the /queue/join endpoint. An attacker can send HTTP requests to user-controlled URLs, potentially targeting internal servers or services within a local network and possibly exfiltrating data or causing unwanted internal requests.

Upgrade gradio to version 5.0.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol due to the lack of integrity checking on the downloaded FRP client. An attacker can introduce malicious code by modifying the binary without detection if they gain access to the remote URL from which the FRP client is downloaded.

Note: This vulnerability impacts any users utilizing the server's sharing mechanism that download the FRP client, especially those relying on the executable binary for secure data tunneling.

Upgrade gradio to version 5.0.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Improper Input Validation through the Dropdown component's pre-processing step. An attacker can manipulate input data by sending custom requests with arbitrary values, despite the allow_custom_value parameter being set to False.

Upgrade gradio to version 5.0.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data due to insecure communication between the FRP client and server, when the share option is set to true. An attacker can intercept and read files uploaded to the server, as well as modify responses or data sent between the client and server.

Upgrade gradio to version 5.0.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper check of the input, when users generate pyi. An attacker can execute arbitrary code by supplying crafted input.

Note:

This vulnerability is disputed by the maintainer because the report is about a user attacking himself.

There is no fixed version for gradio.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Open Redirect via the file parameter. An attacker can scan and identify open ports within an internal network by discerning the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.

There is no fixed version for gradio.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) through the /queue/join endpoint and the save_url_to_cache function. An attacker can gain unauthorized access to internal networks or the AWS metadata endpoint by sending crafted requests that exploit insufficient validation of the path parameter.

Upgrade gradio to version 5.0.0b1 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Directory Traversal due to improper input validation in the postprocess function within gradio/components/json_component.py. An attacker can read files on the remote system by sending a crafted JSON object that includes a path key, which is then improperly handled and allows file retrieval from unintended directories.

Upgrade gradio to version 4.31.3 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Improper Access Control due to the improper consideration of the _is_server_fn attribute. An attacker can execute unauthorized functions by exploiting this oversight.

Upgrade gradio to version 4.13.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Credential Exposure due to insufficient checks for double-slash patterns in the starts_with_protocol() function.

Note: This vulnerability only exists on Windows.

Upgrade gradio to version 4.20.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the file parameter. An attacker can scan and identify open ports within an internal network by discerning the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.

Upgrade gradio to version 4.10.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Improper Access Control due to the /component_server endpoint improperly allowing the invocation of any method on a Component class with attacker-controlled arguments. Specifically, by exploiting the move_resource_to_block_cache() method of the Block class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access.

Notes:

1. It is even more critical because running an app with launch(share=True) will expose the app to the internet allowing anyone to read files on users computers.

2. All gradio apps hosted on huggingface.co are also vulnerable.

Upgrade gradio to version 4.13.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Directory Traversal due to improper validation of user-supplied input in the UploadButton component. An attacker can read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in the request to the /queue/join endpoint. This issue could potentially lead to remote code execution through the handling of file upload paths, allowing attackers to redirect file uploads to unintended locations on the server.

Note

Every Gradio instance utilizing the UploadButton component is vulnerable.

Upgrade gradio to version 4.19.2 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Race Condition that impacts the synchronization between state and loading status updates. An attacker could disrupt service and cause a denial of service by exploiting this vulnerability.

Upgrade gradio to version 4.22.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Improper Command Line Parameter Handling due to improper handling of secrets in the continuous integration (CI) process. An attacker can exfiltrate sensitive information by exploiting the misconfiguration in the CI setup.

Upgrade gradio to version 4.18.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) via the /proxy route. An attacker can manipulate the self.replica_urls set by exploiting weaknesses in the application's handling of the X-Direct-Url header and proxy arbitrary URLs including potential internal endpoints by specifying a target URL.

Upgrade gradio to version 4.18.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) due to the flawed implementation of CORS rules that require the host header to be localhost (or one of its aliases) and, if present, the origin header to be localhost (or one of its aliases) as well. An attacker can exploit this by crafting requests that bypass these restrictions.

Note:

This vulnerability has a low impact on the availability of the target system. Sustained attacks may cause the system to not have enough disk space left to operate properly.

Upgrade gradio to version 4.19.2 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Arbitrary Command Injection. A user who can control the value of github.event.workflow_run.head_branch can inject shell commands into the "Generate changeset" workflow.

Upgrade gradio to version 4.1.2 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Timing Attack due to the way string comparisons are handled, allowing them to terminate early upon finding a mismatch. This behavior can be exploited by an attacker to conduct a brute-force attack to guess the password of password-protected applications by making numerous attempts without being rate-limited.

Upgrade gradio to version 4.19.2 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Directory Traversal via a vulnerable user-supplied JSON value in an API request. An attacker can read arbitrary files on the server by submitting a crafted JSON payload that exploits path traversal sequences.

Upgrade gradio to version 4.9.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) using the /file route since it used to perform a GET/HEAD request to determine if a filepath was a possible URL.

Upgrade gradio to version 4.10.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) or path traversal allowing arbitrary file reads, via the /file route. This is exploitable using e.g. the --path-as-is option to curl, but not from a browser.

Upgrade gradio to version 4.11.0 or higher.