CVE-2024-39236

Source
https://cve.org/CVERecord?id=CVE-2024-39236
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39236.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-39236
Aliases
Published
2024-07-01T00:00:00Z
Modified
2026-07-15T01:49:12.009002512Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39236.json",
    "cna_assigner": "mitre",
    "isDisputed": true
}
References

Affected packages

Git / github.com/gradio-app/gradio

Affected ranges

Type
GIT
Repo
https://github.com/gradio-app/gradio
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": "cpe:2.3:a:gradio_project:gradio:4.36.1:*:*:*:*:python:*:*",
    "extracted_events": [
        {
            "introduced": "4.36.1"
        },
        {
            "last_affected": "4.36.1"
        }
    ]
}

Affected versions

4.*
4.36.1
@gradio/annotatedimage@0.*
@gradio/annotatedimage@0.6.10
@gradio/app@1.*
@gradio/app@1.36.2
@gradio/audio@0.*
@gradio/audio@0.11.10
@gradio/button@0.*
@gradio/button@0.2.43
@gradio/chatbot@0.*
@gradio/chatbot@0.10.11
@gradio/client@1.*
@gradio/client@1.1.1
@gradio/code@0.*
@gradio/code@0.6.11
@gradio/dataframe@0.*
@gradio/dataframe@0.8.10
@gradio/dataset@0.*
@gradio/dataset@0.1.43
@gradio/downloadbutton@0.*
@gradio/downloadbutton@0.1.20
@gradio/file@0.*
@gradio/file@0.8.2
@gradio/fileexplorer@0.*
@gradio/fileexplorer@0.4.11
@gradio/gallery@0.*
@gradio/gallery@0.10.10
@gradio/image@0.*
@gradio/image@0.11.10
@gradio/imageeditor@0.*
@gradio/imageeditor@0.7.10
@gradio/lite@4.*
@gradio/lite@4.36.1
@gradio/model3d@0.*
@gradio/model3d@0.10.10
@gradio/multimodaltextbox@0.*
@gradio/multimodaltextbox@0.4.11
@gradio/simpleimage@0.*
@gradio/simpleimage@0.5.10
@gradio/upload@0.*
@gradio/upload@0.11.2
@gradio/uploadbutton@0.*
@gradio/uploadbutton@0.6.11
@gradio/video@0.*
@gradio/video@0.8.10
gradio@4.*
gradio@4.36.1
website@0.*
website@0.31.5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39236.json"