<p>Upgrade <code>gradio</code> to version 4.10.0 or higher.</p>

Server-side Request Forgery (SSRF) Affecting gradio package, versions [,4.10.0)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PYTHON-GRADIO-6141123
published 1 Jan 2024
disclosed 1 Jan 2024
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 1 Jan 2024

CWE-918 Open this link in a new tab

How to fix?

Upgrade gradio to version 4.10.0 or higher.

Overview

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) using the /file route since it used to perform a GET/HEAD request to determine if a filepath was a possible URL.

References

GitHub PR

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

Low
Privileges Required (PR)

Low
User Interaction (UI)

None

Scope (S)

Changed

Confidentiality (C)

Low
Integrity (I)

Low
Availability (A)

None

Server-side Request Forgery (SSRF) Affecting gradio package, versions [,4.10.0)

Severity

CVSS assessment made by Snyk's Security Team

Introduced: 1 Jan 2024

How to fix?

Overview

References

CVSS Scores

Snyk