CVE-2024-51751
Last modified
CVE-2024-51751 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary files from the application server. EPSS estimates a 0.67% chance of exploitation in the next 30 days.
Description
Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary files from the application server. This issue has been addressed in release version 5.5.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gradio Project | Gradio | >= 5.0.0, < 5.5.0 |
References
- https://github.com/gradio-app/gradio/security/advisories/GHSA-rhm9-gp5p-5248Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-51751?
How severe is CVE-2024-51751?
How do I fix CVE-2024-51751?
Are you affected by CVE-2024-51751?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST