CVE-2023-6572
- Source
- https://cve.org/CVERecord?id=CVE-2023-6572
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6572.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-6572
- Aliases
- Published
- 2023-12-14T14:15:46.013Z
- Modified
- 2026-03-03T01:22:05.259284Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Command Injection in GitHub repository gradio-app/gradio prior to main.
- References
-
- https://huntr.com/bounties/21d2ff0c-d43a-4afd-bb4d-049ee8da5b5c
- https://huntr.com/bounties/21d2ff0c-d43a-4afd-bb4d-049ee8da5b5c
- https://github.com/gradio-app/gradio/commit/5b5af1899dd98d63e1f9b48a93601c2db1f56520
- https://huntr.com/bounties/21d2ff0c-d43a-4afd-bb4d-049ee8da5b5c
- https://huntr.com/bounties/21d2ff0c-d43a-4afd-bb4d-049ee8da5b5c
Affected packages
Git / github.com/gradio-app/gradio
Affected ranges
- Type
- GIT
- Repo
- https://github.com/gradio-app/gradio
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
@gradio/atoms@0.*
@gradio/atoms@0.2.0
@gradio/atoms@0.2.0-beta.6
@gradio/audio@0.*
@gradio/audio@0.4.0
@gradio/audio@0.4.0-beta.9
@gradio/audio@0.4.1
@gradio/audio@0.4.2
@gradio/box@0.*
@gradio/box@0.1.0
@gradio/box@0.1.0-beta.7
@gradio/button@0.*
@gradio/button@0.2.0
@gradio/button@0.2.0-beta.7
@gradio/button@0.2.1
@gradio/button@0.2.2
@gradio/chatbot@0.*
@gradio/chatbot@0.4.0
@gradio/chatbot@0.4.0-beta.9
@gradio/chatbot@0.4.1
@gradio/chatbot@0.4.2
@gradio/checkbox@0.*
@gradio/checkbox@0.2.0
@gradio/checkbox@0.2.0-beta.8
@gradio/checkboxgroup@0.*
@gradio/checkboxgroup@0.3.0
@gradio/checkboxgroup@0.3.0-beta.8
@gradio/checkboxgroup@0.3.1
@gradio/client@0.*
@gradio/client@0.2.1
@gradio/client@0.3.0
@gradio/client@0.3.1
@gradio/client@0.4.0
@gradio/client@0.4.1
@gradio/client@0.4.2
@gradio/client@0.5.0
@gradio/client@0.5.1
@gradio/client@0.5.2
@gradio/client@0.6.0
@gradio/client@0.7.0
@gradio/client@0.7.0-beta.1
@gradio/client@0.7.1
@gradio/code@0.*
@gradio/code@0.2.0
@gradio/code@0.2.0-beta.8
@gradio/code@0.2.1
@gradio/code@0.2.2
@gradio/colorpicker@0.*
@gradio/colorpicker@0.2.0
@gradio/colorpicker@0.2.0-beta.8
@gradio/column@0.*
@gradio/column@0.1.0
@gradio/column@0.1.0-beta.3
@gradio/dataframe@0.*
@gradio/dataframe@0.3.0
@gradio/dataframe@0.3.0-beta.8
@gradio/dataframe@0.3.1
@gradio/dataframe@0.3.2
@gradio/dataframe@0.3.3
@gradio/dataset@0.*
@gradio/dataset@0.1.0
@gradio/dataset@0.1.0-beta.2
@gradio/dataset@0.1.1
@gradio/dataset@0.1.2
@gradio/dropdown@0.*
@gradio/dropdown@0.3.0
@gradio/dropdown@0.3.0-beta.8
@gradio/fallback@0.*
@gradio/fallback@0.2.0
@gradio/fallback@0.2.0-beta.8
@gradio/file@0.*
@gradio/file@0.2.0
@gradio/file@0.2.0-beta.8
@gradio/file@0.2.1
@gradio/file@0.2.2
@gradio/form@0.*
@gradio/form@0.1.0
@gradio/form@0.1.0-beta.7
@gradio/gallery@0.*
@gradio/gallery@0.4.0
@gradio/gallery@0.4.0-beta.9
@gradio/gallery@0.4.1
@gradio/gallery@0.4.2
@gradio/gallery@0.4.3
@gradio/group@0.*
@gradio/group@0.1.0
@gradio/group@0.1.0-beta.2
@gradio/highlightedtext@0.*
@gradio/highlightedtext@0.4.0
@gradio/highlightedtext@0.4.0-beta.8
@gradio/html@0.*
@gradio/html@0.1.0
@gradio/html@0.1.0-beta.8
@gradio/icons@0.*
@gradio/icons@0.2.0
@gradio/icons@0.2.0-beta.3
@gradio/image@0.*
@gradio/image@0.3.0
@gradio/image@0.3.0-beta.9
@gradio/image@0.3.1
@gradio/image@0.3.2
@gradio/json@0.*
@gradio/json@0.1.0
@gradio/json@0.1.0-beta.8
@gradio/label@0.*
@gradio/label@0.2.0
@gradio/label@0.2.0-beta.8
@gradio/lite@0.*
@gradio/lite@0.3.1
@gradio/lite@0.3.2
@gradio/lite@0.4.0
@gradio/lite@0.4.1
@gradio/lite@0.4.2
@gradio/lite@0.4.3
@gradio/markdown@0.*
@gradio/markdown@0.3.0
@gradio/markdown@0.3.0-beta.8
@gradio/model3d@0.*
@gradio/model3d@0.3.0
@gradio/model3d@0.3.0-beta.8
@gradio/model3d@0.3.1
@gradio/model3d@0.4.0
@gradio/number@0.*
@gradio/number@0.3.0
@gradio/number@0.3.0-beta.8
@gradio/plot@0.*
@gradio/plot@0.2.0
@gradio/plot@0.2.0-beta.8
@gradio/preview@0.*
@gradio/preview@0.1.0
@gradio/preview@0.1.0-beta.8
@gradio/preview@0.1.1
@gradio/preview@0.2.0
@gradio/radio@0.*
@gradio/radio@0.3.0
@gradio/radio@0.3.0-beta.8
@gradio/radio@0.3.1
@gradio/row@0.*
@gradio/row@0.1.0
@gradio/row@0.1.0-beta.2
@gradio/simpledropdown@0.*
@gradio/simpledropdown@0.1.0
@gradio/simpledropdown@0.1.0-beta.3
@gradio/simpletextbox@0.*
@gradio/simpletextbox@0.1.0
@gradio/simpletextbox@0.1.0-beta.2
@gradio/slider@0.*
@gradio/slider@0.2.0
@gradio/slider@0.2.0-beta.8
@gradio/state@0.*
@gradio/state@0.1.0
@gradio/state@0.1.0-beta.2
@gradio/statustracker@0.*
@gradio/statustracker@0.3.0
@gradio/statustracker@0.3.0-beta.8
@gradio/tabitem@0.*
@gradio/tabitem@0.1.0
@gradio/tabitem@0.1.0-beta.8
@gradio/tabs@0.*
@gradio/tabs@0.1.0
@gradio/tabs@0.1.0-beta.8
@gradio/textbox@0.*
@gradio/textbox@0.4.0
@gradio/textbox@0.4.0-beta.8
@gradio/theme@0.*
@gradio/theme@0.2.0
@gradio/theme@0.2.0-beta.2
@gradio/tooltip@0.*
@gradio/tooltip@0.1.0
@gradio/tooltip@0.1.0-beta.2
@gradio/tootils@0.*
@gradio/tootils@0.1.0
@gradio/tootils@0.1.0-beta.7
@gradio/tootils@0.1.1
@gradio/upload@0.*
@gradio/upload@0.3.0
@gradio/upload@0.3.0-beta.6
@gradio/upload@0.3.1
@gradio/upload@0.3.2
@gradio/uploadbutton@0.*
@gradio/uploadbutton@0.1.0
@gradio/uploadbutton@0.1.0-beta.7
@gradio/uploadbutton@0.1.1
@gradio/uploadbutton@0.1.2
@gradio/utils@0.*
@gradio/utils@0.2.0
@gradio/utils@0.2.0-beta.6
@gradio/video@0.*
@gradio/video@0.1.0
@gradio/video@0.1.0-beta.9
@gradio/video@0.1.1
@gradio/video@0.1.2
@gradio/wasm@0.*
@gradio/wasm@0.2.0
@gradio/wasm@0.2.0-beta.2
gradio@3.*
gradio@3.41.0
gradio@3.41.1
gradio@3.41.2
gradio@3.42.0
gradio@3.43.0
gradio@3.43.1
gradio@3.43.2
gradio@3.44.0
gradio@3.44.1
gradio@3.44.2
gradio@3.44.3
gradio@3.44.4
gradio@3.45.0
gradio@3.45.1
gradio@3.45.2
gradio@3.46.0
gradio@3.46.1
gradio@3.47.0
gradio@3.47.1
gradio@3.48.0
gradio@3.49.0
gradio@3.50.0
gradio@3.50.1
gradio@3.50.2
gradio@4.*
gradio@4.0.0
gradio@4.0.0-beta.15
gradio@4.0.1
gradio@4.0.2
gradio@4.1.0
gradio@4.1.1
gradio_client@0.*
gradio_client@0.5.0
gradio_client@0.5.1
gradio_client@0.5.2
gradio_client@0.5.3
gradio_client@0.6.0
gradio_client@0.6.1
gradio_client@0.7.0
gradio_client@0.7.0-beta.2
v2.*
v2.3.6
v2.4.0
v2.6.0
v2.7.1
v2.7.5
v2.8.1
v2.9.0
v3.*
v3.0
v3.0.1b120
v3.0.1b121
v3.0.1b123
v3.0.1b150
v3.0.1b300
v3.0.25
v3.0.26
v3.1.0
v3.1.1
v3.1.3
v3.1.3a
v3.1.3a2
v3.1.3a3
v3.1.4
v3.1.4b
v3.1.4b1
v3.1.4b2
v3.1.4b3
v3.1.5
v3.1.6
v3.1.7
v3.1.8b
v3.10.0
v3.10.1
v3.11.0
v3.12.0
v3.12.0b1
v3.12.0b2
v3.12.0b3
v3.12.0b6
v3.12.0b7
v3.13.0
v3.13.0b1
v3.13.1
v3.13.1b0
v3.13.1b1
v3.13.1b2
v3.13.2
v3.14.0
v3.14.0a1
v3.15.0
v3.16.0
v3.16.1
v3.16.1b1
v3.16.2
v3.17.0
v3.17.1
v3.17.1b1
v3.17.1b2
v3.18.0
v3.18.1b1
v3.18.1b2
v3.18.1b3
v3.18.1b4
v3.18.1b5
v3.18.1b6
v3.18.1b7
v3.19.0
v3.19.1
v3.2
v3.2.1b0
v3.2.1b1
v3.2.1b2
v3.20.0
v3.20.0b2
v3.20.1
v3.21.0
v3.22.0
v3.22.1
v3.22.1b1
v3.23.0
v3.23.1b1
v3.23.1b2
v3.23.1b3
v3.24.0
v3.24.1
v3.25.0
v3.25.1b1
v3.25.1b2
v3.26.0
v3.27.0
v3.28.0
v3.28.1
v3.28.2
v3.28.3
v3.28.4b0
v3.29.0
v3.3
v3.3.1
v3.3.b0
v3.30.0
v3.31.0
v3.32.0
v3.33.0
v3.33.1
v3.34.0
v3.35.0
v3.35.1
v3.35.2
v3.36.0
v3.36.1
v3.37.0
v3.38.0
v3.39.0
v3.3b1
v3.4
v3.4.1
v3.40.0
v3.40.1
v3.41.0
v3.4b0
v3.4b1
v3.4b2
v3.4b3
v3.4b5
v3.5
v3.6
v3.6.0b1
v3.6.0b10
v3.6.0b2
v3.6.0b3
v3.6.0b7
v3.7
v3.8
v3.8.1
v3.8.1dev1
v3.8.2
v3.8b1
v3.8b2
v3.9
v3.9.1