CVE-2024-51751 – Arbitrary file read with File and UploadButton components in Gradio
https://notcve.org/view.php?id=CVE-2024-51751
Gradio is an open-source Python package for quickly building a demo or web application. If the File or UploadButton components are used in a Gradio application to preview file content, an attacker with access to the application can abuse them to read arbitrary files from the application server. The issue is fixed in release 5.5.0 and all users are advised to upgrade. There are no known workarounds. • https://github.com/gradio-app/gradio/security/advisories/GHSA-rhm9-gp5p-5248 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
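The root cause class for CVE-2024-51751 is CWE-22: a path supplied (directly or indirectly) by the client is read without confining it to the directory the application intends to serve. The following is an added example, not Gradio's own code or the fix shipped in 5.5.0, showing a naive prefix check beside a hardened check that resolves symlinks and `..` before testing containment. The sandbox directory, its files and the helper names are constructed for the example.

```python
import tempfile
from pathlib import Path


def naive_is_within(path, base):
    """Vulnerable pattern: string-prefix test on the unresolved path.
    Accepts 'uploads/../secret.txt' (no normalisation) and
    'uploads_evil/x' (prefix match without a separator)."""
    return str(path).startswith(str(base))


def is_within_allowed(path, allowed_dirs):
    """Hardened check: resolve symlinks and '..' on both sides, then require
    that the target is the base or a descendant of it (component-wise, not
    string-prefix). strict=False lets partially-missing paths still resolve."""
    target = Path(path).resolve(strict=False)
    for base in allowed_dirs:
        base_resolved = Path(base).resolve(strict=False)
        try:
            target.relative_to(base_resolved)
            return True
        except ValueError:
            continue
    return False


def safe_read_preview(path, allowed_dirs, max_bytes=4096):
    """Read at most max_bytes for a preview, but only from an allowed directory."""
    if not is_within_allowed(path, allowed_dirs):
        raise PermissionError(f"refusing to read outside allowed directories: {path}")
    with open(path, "rb") as fh:
        return fh.read(max_bytes)


def demo():
    """Build a constructed sandbox and exercise both checks. Returns a dict of results."""
    root = Path(tempfile.mkdtemp())            # constructed temporary tree
    uploads = root / "uploads"
    uploads.mkdir()
    (uploads / "note.txt").write_bytes(b"hello")
    secret = root / "secret.txt"               # file the app must never preview
    secret.write_bytes(b"TOPSECRET")

    # A symlink inside the allowed directory that points outside it.
    link = uploads / "escape"
    try:
        link.symlink_to(secret)
    except OSError:                            # e.g. no symlink privilege on Windows
        link = None

    traversal = uploads / ".." / "secret.txt"
    prefix_trick = root / "uploads_evil" / "x"  # never created; shares the prefix 'uploads'

    results = {
        "inside": is_within_allowed(uploads / "note.txt", [uploads]),
        "traversal": is_within_allowed(traversal, [uploads]),
        "symlink": is_within_allowed(link, [uploads]) if link else False,
        "prefix_trick": is_within_allowed(prefix_trick, [uploads]),
        # The naive check wrongly accepts both attacker-controlled shapes.
        "naive_traversal": naive_is_within(traversal, uploads),
        "naive_prefix_trick": naive_is_within(prefix_trick, uploads),
        "preview": safe_read_preview(uploads / "note.txt", [uploads]),
    }
    try:
        safe_read_preview(traversal, [uploads])
        results["blocked"] = False
    except PermissionError:
        results["blocked"] = True
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Resolving both sides before comparing is what defeats the `..`, symlink and prefix variants at once; checking the unresolved string, as the naive function does, is the pattern that produces CWE-22 findings like this one.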
CVE-2024-47870 – Race condition in update_root_in_config may redirect user traffic in Gradio
https://notcve.org/view.php?id=CVE-2024-47870
Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a **race condition** in the `update_root_in_config` function that lets an attacker modify the `root` URL the Gradio frontend uses to communicate with the backend. By exploiting it, an attacker can redirect user traffic to a malicious server, which could lead to interception of sensitive data such as authentication credentials or uploaded files. This affects all users who connect to a Gradio server, especially servers exposed to the internet, where malicious actors could exploit the race. • https://github.com/gradio-app/gradio/security/advisories/GHSA-xh2x-3mrm-fwqm • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-47871 – Insecure communication between the FRP client and server in Gradio
https://notcve.org/view.php?id=CVE-2024-47871
Gradio is an open-source Python package designed for quick prototyping. This vulnerability is **insecure communication** between the FRP (Fast Reverse Proxy) client and server when Gradio's `share=True` option is used. HTTPS is not enforced on the connection, so an attacker in a position to observe the traffic can read files uploaded to the Gradio server and modify responses or data sent between client and server. This affects users who share Gradio demos publicly over the internet with `share=True`, exposing sensitive data to eavesdroppers. Users are advised to upgrade to `gradio>=5` to address this issue. • https://github.com/gradio-app/gradio/security/advisories/GHSA-279j-x4gx-hfrh • CWE-311: Missing Encryption of Sensitive Data
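Two of the three entries on this page state a fixed version (5.5.0 for CVE-2024-51751, `gradio>=5` for CVE-2024-47871; CVE-2024-47870 gives none, so it is deliberately left out). A practical pre-flight is to refuse `share=True` unless the installed Gradio is at or above every stated fix. The following is an added example, not Gradio's own code; the fixed-version table is taken from the two entries above, and reading the version from `gradio.__version__` when the package is importable is an assumption about the library's metadata.

```python
import re

# Minimum release that fixes each CVE, taken from the entries on this page.
# The trailing 1 marks a final release; pre-releases (e.g. 5.5.0rc1) parse
# with a trailing 0 so they sort below the fixed release they precede.
FIXED_VERSIONS = {
    "CVE-2024-51751": (5, 5, 0, 1),   # File/UploadButton arbitrary file read
    "CVE-2024-47871": (5, 0, 0, 1),   # FRP share tunnel without enforced HTTPS
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?P<pre>(?:a|b|rc|dev|\.dev)\d*)?")


def parse_version(version):
    """Return (major, minor, patch, final) where final is 0 for a pre-release."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(x or 0) for x in m.groups()[:3])
    final = 0 if m.group("pre") else 1
    return (major, minor, patch, final)


def unfixed_cves(installed_version):
    """List the CVEs from FIXED_VERSIONS that the installed release does not fix."""
    ver = parse_version(installed_version)
    return sorted(cve for cve, fixed in FIXED_VERSIONS.items() if ver < fixed)


def share_allowed(installed_version):
    """True only if no CVE on this page is still unfixed at that version."""
    return not unfixed_cves(installed_version)


def guarded_launch(installed_version, share):
    """Pre-flight for a demo launch: refuse share=True on an unfixed release.
    Returns the effective share flag; raises instead of silently downgrading."""
    if share and not share_allowed(installed_version):
        raise RuntimeError(
            "refusing share=True on gradio %s; unfixed: %s"
            % (installed_version, ", ".join(unfixed_cves(installed_version)))
        )
    return share


if __name__ == "__main__":
    try:
        import gradio  # assumption: the package exposes __version__
        current = gradio.__version__
    except ImportError:
        current = "4.44.1"  # constructed value for running without Gradio installed
    print(current, "unfixed:", unfixed_cves(current))
    try:
        guarded_launch(current, share=True)
        print("share=True permitted")
    except RuntimeError as exc:
        print(exc)
```

The pre-release handling matters in practice: `5.5.0rc1` must still be reported as vulnerable to CVE-2024-51751, because the entry names the 5.5.0 release as the fix, not an earlier candidate.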