Overview
- Description
- Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as part of a Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary files from the application server. This issue has been addressed in release version 5.5.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
Weaknesses
- security-advisories@github.com
- CWE-22
Social media
- Hype score
- Not currently trending
CVE-2024-51751 File Exposure Vulnerability in Gradio Applications Fixed in 5.5.0 Gradio is a free Python tool that helps build demos or web apps fast. If you use File or UploadButton in a Gradio app to show file ... https://t.co/bjsrkBjr9A
@VulmonFeeds
7 Nov 2024
CVE-2024-51751 Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio … https://t.co/x2pzwQJHYe
@CVEnew
6 Nov 2024