gradio 5.23.0 vulnerabilities

Known vulnerabilities in the gradio package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Path Equivalence gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Path Equivalence due to the `blocked_path()` function only blocking standard pathnames. On Windows systems, an attacker can read unauthorized files by using NTFS Alternate Data Streams syntax to bypass path restrictions. How to fix Path Equivalence? There is no fixed version for `gradio`.	[0,)
M Open Redirect gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Open Redirect. The `validate_url()` function can be forced to follow a redirect to an unintended site if the URL is passed to the `file` parameter and includes URL encoding. How to fix Open Redirect? There is no fixed version for `gradio`.	[0,)
H Denial of Service (DoS) gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Denial of Service (DoS) through the file upload process. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each character and issue warnings. This can render the system inaccessible for extended periods, disrupting services and causing significant downtime. How to fix Denial of Service (DoS)? There is no fixed version for `gradio`.	[0,)
H Undefined Behavior for Input to API gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Undefined Behavior for Input to API via the `dataframe` component. An attacker can cause a server crash and denial of service by uploading a maliciously crafted zip bomb. How to fix Undefined Behavior for Input to API? There is no fixed version for `gradio`.	[4.0.0,)
H Regular Expression Denial of Service (ReDoS) gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) through the `gr.Datetime` component. An attacker can cause the server to consume excessive CPU resources and potentially lead to a service disruption by sending a specially crafted HTTP request. How to fix Regular Expression Denial of Service (ReDoS)? There is no fixed version for `gradio`.	[4.38.0,)
H Arbitrary File Write via Archive Extraction (Zip Slip) gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the `Audio` component. An attacker can delete arbitrary file content by manipulating the output format, resetting any file to an empty state and causing a denial of service on the server. How to fix Arbitrary File Write via Archive Extraction (Zip Slip)? There is no fixed version for `gradio`.	[4.0.0,)
H Server-side Request Forgery (SSRF) gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to no restrictions on the URL, in the `save_url_to_cache` function. An attacker can access and download local resources and sensitive information. How to fix Server-side Request Forgery (SSRF)? There is no fixed version for `gradio`.	[0,)
M Arbitrary Code Injection gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper check of the input, when users generate `pyi`. An attacker can execute arbitrary code by supplying crafted input. Note: This vulnerability is disputed by the maintainer because the report is about a user attacking himself. How to fix Arbitrary Code Injection? There is no fixed version for `gradio`.	[0,)
M Open Redirect gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Open Redirect via the `file` parameter. An attacker can scan and identify open ports within an internal network by discerning the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response. How to fix Open Redirect? There is no fixed version for `gradio`.	[0,)

Vulnerability

Vulnerable Version

Path Equivalence

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Path Equivalence due to the blocked_path() function only blocking standard pathnames. On Windows systems, an attacker can read unauthorized files by using NTFS Alternate Data Streams syntax to bypass path restrictions.

How to fix Path Equivalence?

There is no fixed version for gradio.

[0,)

Open Redirect

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Open Redirect. The validate_url() function can be forced to follow a redirect to an unintended site if the URL is passed to the file parameter and includes URL encoding.

How to fix Open Redirect?

There is no fixed version for gradio.

[0,)

Denial of Service (DoS)

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Denial of Service (DoS) through the file upload process. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each character and issue warnings. This can render the system inaccessible for extended periods, disrupting services and causing significant downtime.

How to fix Denial of Service (DoS)?

There is no fixed version for gradio.

[0,)

Undefined Behavior for Input to API

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Undefined Behavior for Input to API via the dataframe component. An attacker can cause a server crash and denial of service by uploading a maliciously crafted zip bomb.

How to fix Undefined Behavior for Input to API?

There is no fixed version for gradio.

[4.0.0,)

Regular Expression Denial of Service (ReDoS)

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) through the gr.Datetime component. An attacker can cause the server to consume excessive CPU resources and potentially lead to a service disruption by sending a specially crafted HTTP request.

How to fix Regular Expression Denial of Service (ReDoS)?

There is no fixed version for gradio.

[4.38.0,)

Arbitrary File Write via Archive Extraction (Zip Slip)

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the Audio component. An attacker can delete arbitrary file content by manipulating the output format, resetting any file to an empty state and causing a denial of service on the server.

How to fix Arbitrary File Write via Archive Extraction (Zip Slip)?

There is no fixed version for gradio.

[4.0.0,)

Server-side Request Forgery (SSRF)

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to no restrictions on the URL, in the save_url_to_cache function. An attacker can access and download local resources and sensitive information.

How to fix Server-side Request Forgery (SSRF)?

There is no fixed version for gradio.

[0,)

Arbitrary Code Injection

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper check of the input, when users generate pyi. An attacker can execute arbitrary code by supplying crafted input.

Note:

This vulnerability is disputed by the maintainer because the report is about a user attacking himself.

How to fix Arbitrary Code Injection?

There is no fixed version for gradio.

[0,)

Open Redirect

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Open Redirect via the file parameter. An attacker can scan and identify open ports within an internal network by discerning the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.

How to fix Open Redirect?

There is no fixed version for gradio.

[0,)

gradio@5.23.0 vulnerabilities

Python library for easily interacting with trained machine learning models

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities

How to fix?