CVE-2024-0964

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-0964
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0964.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-0964
Aliases
Published
2024-02-05T23:15:08.190Z
Modified
2025-11-20T12:23:08.906543Z
Severity
  • 9.4 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CVSS Calculator
Summary
[none]
Details

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.

References

Affected packages

Git / github.com/gradio-app/gradio

Affected ranges

Type
GIT
Repo
https://github.com/gradio-app/gradio
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d76bcaaaf0734aaf49a680f94ea9d4d22a602e70

Affected versions

@gradio/atoms@0.*

@gradio/atoms@0.2.0
@gradio/atoms@0.2.0-beta.6
@gradio/atoms@0.2.1
@gradio/atoms@0.2.2
@gradio/atoms@0.3.0
@gradio/atoms@0.3.1

@gradio/audio@0.*

@gradio/audio@0.4.0
@gradio/audio@0.4.0-beta.9
@gradio/audio@0.4.1
@gradio/audio@0.4.2
@gradio/audio@0.4.3
@gradio/audio@0.5.0
@gradio/audio@0.5.1
@gradio/audio@0.5.2
@gradio/audio@0.5.3
@gradio/audio@0.5.4
@gradio/audio@0.5.5

@gradio/box@0.*

@gradio/box@0.1.0
@gradio/box@0.1.0-beta.7
@gradio/box@0.1.1
@gradio/box@0.1.2
@gradio/box@0.1.3
@gradio/box@0.1.4

@gradio/button@0.*

@gradio/button@0.2.0
@gradio/button@0.2.0-beta.7
@gradio/button@0.2.1
@gradio/button@0.2.2
@gradio/button@0.2.3
@gradio/button@0.2.4
@gradio/button@0.2.5
@gradio/button@0.2.6
@gradio/button@0.2.7
@gradio/button@0.2.8
@gradio/button@0.2.9

@gradio/chatbot@0.*

@gradio/chatbot@0.4.0
@gradio/chatbot@0.4.0-beta.9
@gradio/chatbot@0.4.1
@gradio/chatbot@0.4.2
@gradio/chatbot@0.4.3
@gradio/chatbot@0.4.4
@gradio/chatbot@0.4.5
@gradio/chatbot@0.4.6
@gradio/chatbot@0.4.7
@gradio/chatbot@0.4.8
@gradio/chatbot@0.5.0
@gradio/chatbot@0.5.1

@gradio/checkbox@0.*

@gradio/checkbox@0.2.0
@gradio/checkbox@0.2.0-beta.8
@gradio/checkbox@0.2.1
@gradio/checkbox@0.2.2
@gradio/checkbox@0.2.3
@gradio/checkbox@0.2.4

@gradio/checkboxgroup@0.*

@gradio/checkboxgroup@0.3.0
@gradio/checkboxgroup@0.3.0-beta.8
@gradio/checkboxgroup@0.3.1
@gradio/checkboxgroup@0.3.2
@gradio/checkboxgroup@0.3.3
@gradio/checkboxgroup@0.3.4
@gradio/checkboxgroup@0.3.5

@gradio/client@0.*

@gradio/client@0.2.1
@gradio/client@0.3.0
@gradio/client@0.3.1
@gradio/client@0.4.0
@gradio/client@0.4.1
@gradio/client@0.4.2
@gradio/client@0.5.0
@gradio/client@0.5.1
@gradio/client@0.5.2
@gradio/client@0.6.0
@gradio/client@0.7.0
@gradio/client@0.7.0-beta.1
@gradio/client@0.7.1
@gradio/client@0.7.2
@gradio/client@0.8.0
@gradio/client@0.8.1
@gradio/client@0.8.2

@gradio/code@0.*

@gradio/code@0.2.0
@gradio/code@0.2.0-beta.8
@gradio/code@0.2.1
@gradio/code@0.2.2
@gradio/code@0.2.3
@gradio/code@0.2.4
@gradio/code@0.2.5
@gradio/code@0.2.6
@gradio/code@0.2.7
@gradio/code@0.2.8
@gradio/code@0.2.9

@gradio/colorpicker@0.*

@gradio/colorpicker@0.2.0
@gradio/colorpicker@0.2.0-beta.8
@gradio/colorpicker@0.2.1
@gradio/colorpicker@0.2.2
@gradio/colorpicker@0.2.3
@gradio/colorpicker@0.2.4

@gradio/column@0.*

@gradio/column@0.1.0
@gradio/column@0.1.0-beta.3

@gradio/dataframe@0.*

@gradio/dataframe@0.3.0
@gradio/dataframe@0.3.0-beta.8
@gradio/dataframe@0.3.1
@gradio/dataframe@0.3.10
@gradio/dataframe@0.3.11
@gradio/dataframe@0.3.2
@gradio/dataframe@0.3.3
@gradio/dataframe@0.3.4
@gradio/dataframe@0.3.5
@gradio/dataframe@0.3.6
@gradio/dataframe@0.3.7
@gradio/dataframe@0.3.8
@gradio/dataframe@0.3.9

@gradio/dataset@0.*

@gradio/dataset@0.1.0
@gradio/dataset@0.1.0-beta.2
@gradio/dataset@0.1.1
@gradio/dataset@0.1.2
@gradio/dataset@0.1.3
@gradio/dataset@0.1.4
@gradio/dataset@0.1.5
@gradio/dataset@0.1.6
@gradio/dataset@0.1.7
@gradio/dataset@0.1.8
@gradio/dataset@0.1.9

@gradio/dropdown@0.*

@gradio/dropdown@0.3.0
@gradio/dropdown@0.3.0-beta.8
@gradio/dropdown@0.3.1
@gradio/dropdown@0.3.2
@gradio/dropdown@0.3.3
@gradio/dropdown@0.4.0
@gradio/dropdown@0.4.1

@gradio/fallback@0.*

@gradio/fallback@0.2.0
@gradio/fallback@0.2.0-beta.8
@gradio/fallback@0.2.1
@gradio/fallback@0.2.2
@gradio/fallback@0.2.3
@gradio/fallback@0.2.4

@gradio/file@0.*

@gradio/file@0.2.0
@gradio/file@0.2.0-beta.8
@gradio/file@0.2.1
@gradio/file@0.2.2
@gradio/file@0.2.3
@gradio/file@0.2.4
@gradio/file@0.2.5
@gradio/file@0.2.6
@gradio/file@0.2.7
@gradio/file@0.3.0
@gradio/file@0.3.1

@gradio/form@0.*

@gradio/form@0.1.0
@gradio/form@0.1.0-beta.7
@gradio/form@0.1.1
@gradio/form@0.1.2
@gradio/form@0.1.3
@gradio/form@0.1.4

@gradio/gallery@0.*

@gradio/gallery@0.4.0
@gradio/gallery@0.4.0-beta.9
@gradio/gallery@0.4.1
@gradio/gallery@0.4.10
@gradio/gallery@0.4.2
@gradio/gallery@0.4.3
@gradio/gallery@0.4.4
@gradio/gallery@0.4.5
@gradio/gallery@0.4.6
@gradio/gallery@0.4.7
@gradio/gallery@0.4.8
@gradio/gallery@0.4.9

@gradio/group@0.*

@gradio/group@0.1.0
@gradio/group@0.1.0-beta.2

@gradio/highlightedtext@0.*

@gradio/highlightedtext@0.4.0
@gradio/highlightedtext@0.4.0-beta.8
@gradio/highlightedtext@0.4.1
@gradio/highlightedtext@0.4.2
@gradio/highlightedtext@0.4.3
@gradio/highlightedtext@0.4.4

@gradio/html@0.*

@gradio/html@0.1.0
@gradio/html@0.1.0-beta.8
@gradio/html@0.1.1
@gradio/html@0.1.2
@gradio/html@0.1.3
@gradio/html@0.1.4

@gradio/icons@0.*

@gradio/icons@0.2.0
@gradio/icons@0.2.0-beta.3
@gradio/icons@0.2.1
@gradio/icons@0.3.0
@gradio/icons@0.3.1

@gradio/image@0.*

@gradio/image@0.3.0
@gradio/image@0.3.0-beta.9
@gradio/image@0.3.1
@gradio/image@0.3.2
@gradio/image@0.3.3
@gradio/image@0.3.4
@gradio/image@0.3.5
@gradio/image@0.3.6
@gradio/image@0.4.0
@gradio/image@0.4.1
@gradio/image@0.4.2

@gradio/imageeditor@0.*

@gradio/imageeditor@0.0.1
@gradio/imageeditor@0.1.0
@gradio/imageeditor@0.1.1
@gradio/imageeditor@0.1.2

@gradio/json@0.*

@gradio/json@0.1.0
@gradio/json@0.1.0-beta.8
@gradio/json@0.1.1
@gradio/json@0.1.2
@gradio/json@0.1.3
@gradio/json@0.1.4

@gradio/label@0.*

@gradio/label@0.2.0
@gradio/label@0.2.0-beta.8
@gradio/label@0.2.1
@gradio/label@0.2.2
@gradio/label@0.2.3
@gradio/label@0.2.4

@gradio/lite@0.*

@gradio/lite@0.3.1
@gradio/lite@0.3.2
@gradio/lite@0.4.0
@gradio/lite@0.4.1
@gradio/lite@0.4.2
@gradio/lite@0.4.3

@gradio/markdown@0.*

@gradio/markdown@0.3.0
@gradio/markdown@0.3.0-beta.8
@gradio/markdown@0.3.1
@gradio/markdown@0.3.2
@gradio/markdown@0.3.3
@gradio/markdown@0.3.4
@gradio/markdown@0.4.0
@gradio/markdown@0.4.1

@gradio/model3d@0.*

@gradio/model3d@0.3.0
@gradio/model3d@0.3.0-beta.8
@gradio/model3d@0.3.1
@gradio/model3d@0.4.0
@gradio/model3d@0.4.1
@gradio/model3d@0.4.2
@gradio/model3d@0.4.3
@gradio/model3d@0.4.4
@gradio/model3d@0.4.5
@gradio/model3d@0.4.6
@gradio/model3d@0.4.7

@gradio/number@0.*

@gradio/number@0.3.0
@gradio/number@0.3.0-beta.8
@gradio/number@0.3.1
@gradio/number@0.3.2
@gradio/number@0.3.3
@gradio/number@0.3.4

@gradio/plot@0.*

@gradio/plot@0.2.0
@gradio/plot@0.2.0-beta.8
@gradio/plot@0.2.1
@gradio/plot@0.2.2
@gradio/plot@0.2.3
@gradio/plot@0.2.4

@gradio/preview@0.*

@gradio/preview@0.1.0
@gradio/preview@0.1.0-beta.8
@gradio/preview@0.1.1
@gradio/preview@0.2.0
@gradio/preview@0.2.1
@gradio/preview@0.2.2
@gradio/preview@0.3.0
@gradio/preview@0.4.0
@gradio/preview@0.5.0

@gradio/radio@0.*

@gradio/radio@0.3.0
@gradio/radio@0.3.0-beta.8
@gradio/radio@0.3.1
@gradio/radio@0.3.2
@gradio/radio@0.3.3
@gradio/radio@0.3.4
@gradio/radio@0.3.5

@gradio/row@0.*

@gradio/row@0.1.0
@gradio/row@0.1.0-beta.2

@gradio/simpledropdown@0.*

@gradio/simpledropdown@0.1.0
@gradio/simpledropdown@0.1.0-beta.3
@gradio/simpledropdown@0.1.1
@gradio/simpledropdown@0.1.2
@gradio/simpledropdown@0.1.3
@gradio/simpledropdown@0.1.4

@gradio/simpletextbox@0.*

@gradio/simpletextbox@0.1.0
@gradio/simpletextbox@0.1.0-beta.2
@gradio/simpletextbox@0.1.1
@gradio/simpletextbox@0.1.2
@gradio/simpletextbox@0.1.3
@gradio/simpletextbox@0.1.4

@gradio/slider@0.*

@gradio/slider@0.2.0
@gradio/slider@0.2.0-beta.8
@gradio/slider@0.2.1
@gradio/slider@0.2.2
@gradio/slider@0.2.3
@gradio/slider@0.2.4

@gradio/state@0.*

@gradio/state@0.1.0
@gradio/state@0.1.0-beta.2

@gradio/statustracker@0.*

@gradio/statustracker@0.3.0
@gradio/statustracker@0.3.0-beta.8
@gradio/statustracker@0.3.1
@gradio/statustracker@0.3.2
@gradio/statustracker@0.4.0
@gradio/statustracker@0.4.1

@gradio/tabitem@0.*

@gradio/tabitem@0.1.0
@gradio/tabitem@0.1.0-beta.8

@gradio/tabs@0.*

@gradio/tabs@0.1.0
@gradio/tabs@0.1.0-beta.8

@gradio/textbox@0.*

@gradio/textbox@0.4.0
@gradio/textbox@0.4.0-beta.8
@gradio/textbox@0.4.1
@gradio/textbox@0.4.2
@gradio/textbox@0.4.3
@gradio/textbox@0.4.4
@gradio/textbox@0.4.5

@gradio/theme@0.*

@gradio/theme@0.2.0
@gradio/theme@0.2.0-beta.2

@gradio/tooltip@0.*

@gradio/tooltip@0.1.0
@gradio/tooltip@0.1.0-beta.2

@gradio/tootils@0.*

@gradio/tootils@0.1.0
@gradio/tootils@0.1.0-beta.7
@gradio/tootils@0.1.1
@gradio/tootils@0.1.2
@gradio/tootils@0.1.3
@gradio/tootils@0.1.4
@gradio/tootils@0.1.5

@gradio/upload@0.*

@gradio/upload@0.3.0
@gradio/upload@0.3.0-beta.6
@gradio/upload@0.3.1
@gradio/upload@0.3.2
@gradio/upload@0.3.3
@gradio/upload@0.4.0
@gradio/upload@0.4.1
@gradio/upload@0.4.2
@gradio/upload@0.5.0
@gradio/upload@0.5.1
@gradio/upload@0.5.2

@gradio/uploadbutton@0.*

@gradio/uploadbutton@0.1.0
@gradio/uploadbutton@0.1.0-beta.7
@gradio/uploadbutton@0.1.1
@gradio/uploadbutton@0.1.2
@gradio/uploadbutton@0.1.3
@gradio/uploadbutton@0.1.4
@gradio/uploadbutton@0.1.5
@gradio/uploadbutton@0.2.0
@gradio/uploadbutton@0.2.1
@gradio/uploadbutton@0.2.2
@gradio/uploadbutton@0.3.0

@gradio/utils@0.*

@gradio/utils@0.2.0
@gradio/utils@0.2.0-beta.6

@gradio/video@0.*

@gradio/video@0.1.0
@gradio/video@0.1.0-beta.9
@gradio/video@0.1.1
@gradio/video@0.1.2
@gradio/video@0.1.3
@gradio/video@0.1.4
@gradio/video@0.1.5
@gradio/video@0.1.6
@gradio/video@0.1.7
@gradio/video@0.1.8
@gradio/video@0.1.9

@gradio/wasm@0.*

@gradio/wasm@0.2.0
@gradio/wasm@0.2.0-beta.2
@gradio/wasm@0.3.0

gradio@3.*

gradio@3.41.0
gradio@3.41.1
gradio@3.41.2
gradio@3.42.0
gradio@3.43.0
gradio@3.43.1
gradio@3.43.2
gradio@3.44.0
gradio@3.44.1
gradio@3.44.2
gradio@3.44.3
gradio@3.44.4
gradio@3.45.0
gradio@3.45.1
gradio@3.45.2
gradio@3.46.0
gradio@3.46.1
gradio@3.47.0
gradio@3.47.1
gradio@3.48.0
gradio@3.49.0
gradio@3.50.0
gradio@3.50.1
gradio@3.50.2

gradio@4.*

gradio@4.0.0
gradio@4.0.0-beta.15
gradio@4.0.1
gradio@4.0.2
gradio@4.1.0
gradio@4.1.1
gradio@4.1.2
gradio@4.2.0
gradio@4.3.0
gradio@4.4.0
gradio@4.4.1
gradio@4.5.0
gradio@4.6.0
gradio@4.7.0
gradio@4.8.0

gradio_client@0.*

gradio_client@0.5.0
gradio_client@0.5.1
gradio_client@0.5.2
gradio_client@0.5.3
gradio_client@0.6.0
gradio_client@0.6.1
gradio_client@0.7.0
gradio_client@0.7.0-beta.2
gradio_client@0.7.1

v2.*

v2.3.6
v2.4.0
v2.6.0
v2.7.1
v2.7.5
v2.8.1
v2.9.0

v3.*

v3.0
v3.0.1b120
v3.0.1b121
v3.0.1b123
v3.0.1b150
v3.0.1b300
v3.0.25
v3.0.26
v3.1.0
v3.1.1
v3.1.3
v3.1.3a
v3.1.3a2
v3.1.3a3
v3.1.4
v3.1.4b
v3.1.4b1
v3.1.4b2
v3.1.4b3
v3.1.5
v3.1.6
v3.1.7
v3.1.8b
v3.10.0
v3.10.1
v3.11.0
v3.12.0
v3.12.0b1
v3.12.0b2
v3.12.0b3
v3.12.0b6
v3.12.0b7
v3.13.0
v3.13.0b1
v3.13.1
v3.13.1b0
v3.13.1b1
v3.13.1b2
v3.13.2
v3.14.0
v3.14.0a1
v3.15.0
v3.16.0
v3.16.1
v3.16.1b1
v3.16.2
v3.17.0
v3.17.1
v3.17.1b1
v3.17.1b2
v3.18.0
v3.18.1b1
v3.18.1b2
v3.18.1b3
v3.18.1b4
v3.18.1b5
v3.18.1b6
v3.18.1b7
v3.19.0
v3.19.1
v3.2
v3.2.1b0
v3.2.1b1
v3.2.1b2
v3.20.0
v3.20.0b2
v3.20.1
v3.21.0
v3.22.0
v3.22.1
v3.22.1b1
v3.23.0
v3.23.1b1
v3.23.1b2
v3.23.1b3
v3.24.0
v3.24.1
v3.25.0
v3.25.1b1
v3.25.1b2
v3.26.0
v3.27.0
v3.28.0
v3.28.1
v3.28.2
v3.28.3
v3.28.4b0
v3.29.0
v3.3
v3.3.1
v3.3.b0
v3.30.0
v3.31.0
v3.32.0
v3.33.0
v3.33.1
v3.34.0
v3.35.0
v3.35.1
v3.35.2
v3.36.0
v3.36.1
v3.37.0
v3.38.0
v3.39.0
v3.3b1
v3.4
v3.4.1
v3.40.0
v3.40.1
v3.41.0
v3.4b0
v3.4b1
v3.4b2
v3.4b3
v3.4b5
v3.5
v3.6
v3.6.0b1
v3.6.0b10
v3.6.0b2
v3.6.0b3
v3.6.0b7
v3.7
v3.8
v3.8.1
v3.8.1dev1
v3.8.2
v3.8b1
v3.8b2
v3.9
v3.9.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0964.json"