gradio@4.28.3 vulnerabilities

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to no restrictions on the URL, in the save_url_to_cache function. An attacker can access and download local resources and sensitive information.

There is no fixed version for gradio.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Race Condition due to improper isolation in functions update_root_in_config and route handlers that access and modify blocks.config. Attackers can exploit this by sending requests with malicious headers, such as X-Forwarded-Host, to inject a fake root URL into the application's configuration.

Upgrade gradio to version 5.0.0b5 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Directory Traversal via the /custom_component endpoint. An attacker can access and leak source code from custom components by manipulating the file path in the request.

Upgrade gradio to version 4.44.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Origin Validation Error due to the CustomCORSMiddleware class. An attacker can make unauthorized requests and potentially access sensitive data.

Upgrade gradio to version 4.44.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Timing Attack due to the analytics_dashboard function. An attacker can infer the correct hash byte-by-byte by measuring the response time of different requests, leading to unauthorized access to the analytics dashboard.

Upgrade gradio to version 4.44.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to the improper handling of the enable_monitoring flag. An attacker can access sensitive application analytics by directly requesting the /monitoring endpoint.

Note: This is only exploitable if the enable_monitoring flag is set to False.

Upgrade gradio to version 4.44.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Origin Validation Error due the localhost_aliases variable including "null" as a valid origin, when the server is deployed locally. An attacker can make unauthorized requests from sandboxed iframes or other sources with a null origin, potentially leading to data theft, such as user authentication tokens or uploaded files.

Upgrade gradio to version 5.0.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Directory Traversal within the is_in_or_equal function. An attacker can access restricted files by manipulating file paths using parent directory sequences (..).

Upgrade gradio to version 5.0.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Race Condition in the update_root_in_config function. An attacker can redirect user traffic to a malicious server, potentially intercepting sensitive data such as authentication credentials or uploaded files.

Upgrade gradio to version 5.0.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Directory Traversal through the post-processing step. An attacker can expose sensitive files by crafting requests that bypass expected input constraints.

Notes: If combined with other vulnerabilities that facilitate unauthorized file access, this could lead to sensitive files being exposed to unauthorized users.

The vulnerable Components are:

1. String to FileData: DownloadButton, Audio, ImageEditor, Video, Model3D, File, UploadButton

2. Complex data to FileData: Chatbot, MultimodalTextbox

3. Direct file read in preprocess: Code

4. Dictionary converted to FileData: ParamViewer, Dataset

Upgrade gradio to version 5.0.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to inadequate file type restrictions or server-side validation for the upload of HTML, JS, or SVG files. An attacker can execute unauthorized actions or steal sensitive information by uploading malicious scripts that execute when other users download or view these files.

Upgrade gradio to version 5.0.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the async_save_url_to_cache function in the /queue/join endpoint. An attacker can send HTTP requests to user-controlled URLs, potentially targeting internal servers or services within a local network and possibly exfiltrating data or causing unwanted internal requests.

Upgrade gradio to version 5.0.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol due to the lack of integrity checking on the downloaded FRP client. An attacker can introduce malicious code by modifying the binary without detection if they gain access to the remote URL from which the FRP client is downloaded.

Note: This vulnerability impacts any users utilizing the server's sharing mechanism that download the FRP client, especially those relying on the executable binary for secure data tunneling.

Upgrade gradio to version 5.0.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Improper Input Validation through the Dropdown component's pre-processing step. An attacker can manipulate input data by sending custom requests with arbitrary values, despite the allow_custom_value parameter being set to False.

Upgrade gradio to version 5.0.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data due to insecure communication between the FRP client and server, when the share option is set to true. An attacker can intercept and read files uploaded to the server, as well as modify responses or data sent between the client and server.

Upgrade gradio to version 5.0.0 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper check of the input, when users generate pyi. An attacker can execute arbitrary code by supplying crafted input.

Note:

This vulnerability is disputed by the maintainer because the report is about a user attacking himself.

There is no fixed version for gradio.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Open Redirect via the file parameter. An attacker can scan and identify open ports within an internal network by discerning the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.

There is no fixed version for gradio.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) through the /queue/join endpoint and the save_url_to_cache function. An attacker can gain unauthorized access to internal networks or the AWS metadata endpoint by sending crafted requests that exploit insufficient validation of the path parameter.

Upgrade gradio to version 5.0.0b1 or higher.

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Directory Traversal due to improper input validation in the postprocess function within gradio/components/json_component.py. An attacker can read files on the remote system by sending a crafted JSON object that includes a path key, which is then improperly handled and allows file retrieval from unintended directories.

Upgrade gradio to version 4.31.3 or higher.