CVE-2023-51449

Make the `/file` secure against file traversal attacks

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with `share=True`, or on Hugging Face Spaces) if they knew the path of files to look for. This issue has been patched in version 4.11.0.

Gradio es un paquete Python de código abierto que le permite crear rápidamente una demostración o una aplicación web para su modelo de aprendizaje automático, API o cualquier función arbitraria de Python. Las versiones de `gradio` anteriores a la 4.11.0 contenían una vulnerabilidad en la ruta `/file` que las hacía susceptibles a ataques transversales de archivos en los que un atacante podía acceder a archivos arbitrarios en una máquina que ejecutaba una aplicación Gradio con una URL pública (por ejemplo, si la demostración se creó con `share=True`, o en Hugging Face Spaces) si conocían la ruta de los archivos a buscar. Este problema se solucionó en la versión 4.11.0.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-12-19 CVE Reserved
2023-12-22 CVE Published
2024-08-02 CVE Updated
2024-11-21 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (3)

URL	Tag	Source
https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/gradio-app/gradio/commit/1b9d4234d6c25ef250d882c7b90e1f4039ed2d76	2024-01-09
https://github.com/gradio-app/gradio/commit/7ba8c5da45b004edd12c0460be9222f5b5f5f055	2024-01-09

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gradio Project Search vendor "Gradio Project"		Gradio Search vendor "Gradio Project" for product "Gradio"				< 4.11.0 Search vendor "Gradio Project" for product "Gradio" and version " < 4.11.0"		python		Affected