gradio@4.19.1 vulnerabilities
Python library for easily interacting with trained machine learning models
-
latest version
5.5.0
-
first published
6 years ago
-
latest version published
4 days ago
-
licenses detected
- [0.9.8,)
Direct Vulnerabilities
Known vulnerabilities in the gradio package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to no restrictions on the URL, in the How to fix Server-side Request Forgery (SSRF)? There is no fixed version for |
[0,)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Race Condition due to improper isolation in functions How to fix Race Condition? Upgrade |
[,5.0.0b5)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Directory Traversal via the How to fix Directory Traversal? Upgrade |
[,4.44.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Origin Validation Error due to the How to fix Origin Validation Error? Upgrade |
[,4.44.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Timing Attack due to the How to fix Timing Attack? Upgrade |
[,4.44.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to the improper handling of the Note:
This is only exploitable if the How to fix Always-Incorrect Control Flow Implementation? Upgrade |
[,4.44.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Origin Validation Error due the How to fix Origin Validation Error? Upgrade |
[,5.0.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Directory Traversal within the is_in_or_equal function. An attacker can access restricted files by manipulating file paths using parent directory sequences ( How to fix Directory Traversal? Upgrade |
[,5.0.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Race Condition in the How to fix Race Condition? Upgrade |
[,5.0.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Directory Traversal through the post-processing step. An attacker can expose sensitive files by crafting requests that bypass expected input constraints. Notes: If combined with other vulnerabilities that facilitate unauthorized file access, this could lead to sensitive files being exposed to unauthorized users. The vulnerable Components are:
How to fix Directory Traversal? Upgrade |
[,5.0.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to inadequate file type restrictions or server-side validation for the upload of HTML, JS, or SVG files. An attacker can execute unauthorized actions or steal sensitive information by uploading malicious scripts that execute when other users download or view these files. How to fix Cross-site Scripting (XSS)? Upgrade |
[,5.0.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the How to fix Server-side Request Forgery (SSRF)? Upgrade |
[,5.0.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol due to the lack of integrity checking on the downloaded FRP client. An attacker can introduce malicious code by modifying the binary without detection if they gain access to the remote URL from which the FRP client is downloaded. Note: This vulnerability impacts any users utilizing the server's sharing mechanism that download the FRP client, especially those relying on the executable binary for secure data tunneling. How to fix Resources Downloaded over Insecure Protocol? Upgrade |
[,5.0.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Improper Input Validation through the How to fix Improper Input Validation? Upgrade |
[,5.0.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data due to insecure communication between the FRP client and server, when the How to fix Missing Encryption of Sensitive Data? Upgrade |
[,5.0.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper check of the input, when users generate Note: This vulnerability is disputed by the maintainer because the report is about a user attacking himself. How to fix Arbitrary Code Injection? There is no fixed version for |
[0,)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Open Redirect via the How to fix Open Redirect? There is no fixed version for |
[0,)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) through the How to fix Server-Side Request Forgery (SSRF)? Upgrade |
[,5.0.0b1)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Directory Traversal due to improper input validation in the How to fix Directory Traversal? Upgrade |
[,4.31.3)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Credential Exposure due to insufficient checks for double-slash patterns in the Note: This vulnerability only exists on Windows. How to fix Credential Exposure? Upgrade |
[,4.20.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Directory Traversal due to improper validation of user-supplied input in the Note Every Gradio instance utilizing the UploadButton component is vulnerable. How to fix Directory Traversal? Upgrade |
[,4.19.2)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Race Condition that impacts the synchronization between state and loading status updates. An attacker could disrupt service and cause a denial of service by exploiting this vulnerability. How to fix Race Condition? Upgrade |
[,4.22.0)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) due to the flawed implementation of CORS rules that require the Note: This vulnerability has a low impact on the availability of the target system. Sustained attacks may cause the system to not have enough disk space left to operate properly. How to fix Cross-Site Request Forgery (CSRF)? Upgrade |
[,4.19.2)
|
gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Timing Attack due to the way string comparisons are handled, allowing them to terminate early upon finding a mismatch. This behavior can be exploited by an attacker to conduct a brute-force attack to guess the password of password-protected applications by making numerous attempts without being rate-limited. How to fix Timing Attack? Upgrade |
[,4.19.2)
|