CVE-2024-51751

Source
https://cve.org/CVERecord?id=CVE-2024-51751
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-51751.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-51751
Aliases
Published
2024-11-06T19:11:38.731Z
Modified
2026-05-20T08:11:27.099849899Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Arbitrary file read with File and UploadButton components in Gradio
Details

Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as part of a Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary files from the application server. This issue has been addressed in release version 5.5.0, and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-22"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/51xxx/CVE-2024-51751.json"
}
References

Affected packages

Git / github.com/gradio-app/gradio

Affected ranges

Type
GIT
Repo
https://github.com/gradio-app/gradio
Events

Affected versions

@gradio/accordion@0.*
@gradio/accordion@0.4.0
@gradio/accordion@0.4.1
@gradio/accordion@0.4.2
@gradio/accordion@0.4.3
@gradio/accordion@0.4.4
@gradio/accordion@0.4.5
@gradio/annotatedimage@0.*
@gradio/annotatedimage@0.8.0
@gradio/annotatedimage@0.8.1
@gradio/annotatedimage@0.8.2
@gradio/annotatedimage@0.8.3
@gradio/annotatedimage@0.8.4
@gradio/annotatedimage@0.8.5
@gradio/annotatedimage@0.8.6
@gradio/atoms@0.*
@gradio/atoms@0.10.0
@gradio/atoms@0.10.1
@gradio/atoms@0.9.0
@gradio/atoms@0.9.1
@gradio/atoms@0.9.2
@gradio/audio@0.*
@gradio/audio@0.14.0
@gradio/audio@0.14.1
@gradio/audio@0.14.2
@gradio/audio@0.14.3
@gradio/audio@0.14.4
@gradio/audio@0.14.5
@gradio/audio@0.14.6
@gradio/box@0.*
@gradio/box@0.2.0
@gradio/box@0.2.1
@gradio/box@0.2.2
@gradio/box@0.2.3
@gradio/box@0.2.4
@gradio/button@0.*
@gradio/button@0.3.0
@gradio/button@0.3.1
@gradio/button@0.3.2
@gradio/button@0.3.3
@gradio/button@0.3.4
@gradio/button@0.3.5
@gradio/chatbot@0.*
@gradio/chatbot@0.14.0
@gradio/chatbot@0.14.1
@gradio/chatbot@0.14.2
@gradio/chatbot@0.15.0
@gradio/chatbot@0.15.1
@gradio/chatbot@0.15.2
@gradio/chatbot@0.16.0
@gradio/chatbot@0.16.1
@gradio/checkbox@0.*
@gradio/checkbox@0.4.0
@gradio/checkbox@0.4.1
@gradio/checkbox@0.4.2
@gradio/checkbox@0.4.3
@gradio/checkbox@0.4.4
@gradio/checkbox@0.4.5
@gradio/checkboxgroup@0.*
@gradio/checkboxgroup@0.6.0
@gradio/checkboxgroup@0.6.1
@gradio/checkboxgroup@0.6.2
@gradio/checkboxgroup@0.6.3
@gradio/checkboxgroup@0.6.4
@gradio/checkboxgroup@0.6.5
@gradio/client@1.*
@gradio/client@1.6.0
@gradio/client@1.7.0
@gradio/client@1.7.1
@gradio/code@0.*
@gradio/code@0.10.0
@gradio/code@0.10.1
@gradio/code@0.10.2
@gradio/code@0.10.3
@gradio/code@0.10.4
@gradio/code@0.10.5
@gradio/code@0.10.6
@gradio/colorpicker@0.*
@gradio/colorpicker@0.4.0
@gradio/colorpicker@0.4.1
@gradio/colorpicker@0.4.2
@gradio/colorpicker@0.4.3
@gradio/colorpicker@0.4.4
@gradio/colorpicker@0.4.5
@gradio/column@0.*
@gradio/column@0.2.0
@gradio/core@0.*
@gradio/core@0.1.0
@gradio/core@0.1.1
@gradio/core@0.2.0
@gradio/core@0.2.1
@gradio/dataframe@0.*
@gradio/dataframe@0.11.0
@gradio/dataframe@0.11.1
@gradio/dataframe@0.11.2
@gradio/dataframe@0.11.3
@gradio/dataframe@0.11.4
@gradio/dataframe@0.12.0
@gradio/dataframe@0.12.1
@gradio/dataset@0.*
@gradio/dataset@0.3.0
@gradio/dataset@0.3.1
@gradio/dataset@0.3.2
@gradio/dataset@0.3.3
@gradio/dataset@0.3.4
@gradio/dataset@0.3.5
@gradio/dataset@0.3.6
@gradio/dataset@0.3.7
@gradio/datetime@0.*
@gradio/datetime@0.2.0
@gradio/datetime@0.2.1
@gradio/datetime@0.2.2
@gradio/datetime@0.2.3
@gradio/datetime@0.2.4
@gradio/datetime@0.2.5
@gradio/downloadbutton@0.*
@gradio/downloadbutton@0.2.0
@gradio/downloadbutton@0.2.1
@gradio/downloadbutton@0.2.2
@gradio/downloadbutton@0.2.3
@gradio/downloadbutton@0.2.4
@gradio/downloadbutton@0.2.5
@gradio/dropdown@0.*
@gradio/dropdown@0.8.0
@gradio/dropdown@0.8.1
@gradio/dropdown@0.9.0
@gradio/dropdown@0.9.1
@gradio/dropdown@0.9.2
@gradio/dropdown@0.9.3
@gradio/fallback@0.*
@gradio/fallback@0.4.0
@gradio/fallback@0.4.1
@gradio/fallback@0.4.2
@gradio/fallback@0.4.3
@gradio/fallback@0.4.4
@gradio/fallback@0.4.5
@gradio/file@0.*
@gradio/file@0.10.0
@gradio/file@0.10.1
@gradio/file@0.10.2
@gradio/file@0.10.3
@gradio/file@0.10.4
@gradio/file@0.10.5
@gradio/file@0.10.6
@gradio/fileexplorer@0.*
@gradio/fileexplorer@0.5.0
@gradio/fileexplorer@0.5.1
@gradio/fileexplorer@0.5.2
@gradio/fileexplorer@0.5.3
@gradio/fileexplorer@0.5.4
@gradio/fileexplorer@0.5.5
@gradio/fileexplorer@0.5.6
@gradio/form@0.*
@gradio/form@0.2.0
@gradio/form@0.2.1
@gradio/form@0.2.2
@gradio/form@0.2.3
@gradio/form@0.2.4
@gradio/gallery@0.*
@gradio/gallery@0.13.0
@gradio/gallery@0.13.1
@gradio/gallery@0.13.2
@gradio/gallery@0.13.3
@gradio/gallery@0.13.4
@gradio/gallery@0.13.5
@gradio/gallery@0.13.6
@gradio/group@0.*
@gradio/group@0.2.0
@gradio/highlightedtext@0.*
@gradio/highlightedtext@0.8.0
@gradio/highlightedtext@0.8.1
@gradio/highlightedtext@0.8.2
@gradio/highlightedtext@0.8.3
@gradio/highlightedtext@0.8.4
@gradio/highlightedtext@0.8.5
@gradio/html@0.*
@gradio/html@0.4.0
@gradio/html@0.4.1
@gradio/html@0.4.2
@gradio/html@0.4.3
@gradio/html@0.4.4
@gradio/html@0.4.5
@gradio/icons@0.*
@gradio/icons@0.8.0
@gradio/icons@0.8.1
@gradio/image@0.*
@gradio/image@0.16.0
@gradio/image@0.16.1
@gradio/image@0.16.2
@gradio/image@0.16.3
@gradio/image@0.16.4
@gradio/image@0.16.5
@gradio/image@0.16.6
@gradio/imageeditor@0.*
@gradio/imageeditor@0.11.0
@gradio/imageeditor@0.11.1
@gradio/imageeditor@0.11.2
@gradio/imageeditor@0.11.3
@gradio/imageeditor@0.11.4
@gradio/imageeditor@0.11.5
@gradio/imageeditor@0.11.6
@gradio/json@0.*
@gradio/json@0.5.1
@gradio/json@0.5.2
@gradio/json@0.5.3
@gradio/json@0.5.4
@gradio/json@0.5.5
@gradio/label@0.*
@gradio/label@0.4.0
@gradio/label@0.4.1
@gradio/label@0.4.2
@gradio/label@0.4.3
@gradio/label@0.4.4
@gradio/label@0.4.5
@gradio/lite@4.*
@gradio/lite@4.43.1
@gradio/lite@4.43.2
@gradio/lite@5.*
@gradio/lite@5.4.0
@gradio/markdown-code@0.*
@gradio/markdown-code@0.2.0
@gradio/markdown-code@0.2.1
@gradio/markdown@0.*
@gradio/markdown@0.10.0
@gradio/markdown@0.10.1
@gradio/markdown@0.10.2
@gradio/markdown@0.10.3
@gradio/markdown@0.11.0
@gradio/markdown@0.11.1
@gradio/model3d@0.*
@gradio/model3d@0.13.0
@gradio/model3d@0.13.1
@gradio/model3d@0.13.2
@gradio/model3d@0.13.3
@gradio/model3d@0.13.4
@gradio/model3d@0.13.5
@gradio/model3d@0.13.6
@gradio/multimodaltextbox@0.*
@gradio/multimodaltextbox@0.6.0
@gradio/multimodaltextbox@0.6.1
@gradio/multimodaltextbox@0.6.2
@gradio/multimodaltextbox@0.7.0
@gradio/multimodaltextbox@0.7.1
@gradio/multimodaltextbox@0.7.2
@gradio/multimodaltextbox@0.7.3
@gradio/multimodaltextbox@0.7.4
@gradio/nativeplot@0.*
@gradio/nativeplot@0.4.0
@gradio/nativeplot@0.4.1
@gradio/nativeplot@0.4.2
@gradio/nativeplot@0.4.3
@gradio/nativeplot@0.4.4
@gradio/nativeplot@0.4.5
@gradio/number@0.*
@gradio/number@0.5.0
@gradio/number@0.5.1
@gradio/number@0.5.2
@gradio/number@0.5.3
@gradio/number@0.5.4
@gradio/number@0.5.5
@gradio/paramviewer@0.*
@gradio/paramviewer@0.5.0
@gradio/paramviewer@0.5.1
@gradio/paramviewer@0.5.2
@gradio/paramviewer@0.5.3
@gradio/paramviewer@0.5.4
@gradio/paramviewer@0.5.5
@gradio/plot@0.*
@gradio/plot@0.7.0
@gradio/plot@0.7.1
@gradio/plot@0.7.2
@gradio/plot@0.7.3
@gradio/plot@0.8.0
@gradio/plot@0.9.0
@gradio/preview@0.*
@gradio/preview@0.12.0
@gradio/preview@0.12.1
@gradio/preview@0.13.0
@gradio/radio@0.*
@gradio/radio@0.6.0
@gradio/radio@0.6.1
@gradio/radio@0.6.2
@gradio/radio@0.6.3
@gradio/radio@0.6.4
@gradio/radio@0.6.5
@gradio/row@0.*
@gradio/row@0.2.0
@gradio/sanitize@0.*
@gradio/sanitize@0.1.1
@gradio/sanitize@0.1.2
@gradio/sanitize@0.1.3
@gradio/simpledropdown@0.*
@gradio/simpledropdown@0.3.0
@gradio/simpledropdown@0.3.1
@gradio/simpledropdown@0.3.2
@gradio/simpledropdown@0.3.3
@gradio/simpledropdown@0.3.4
@gradio/simpledropdown@0.3.5
@gradio/simpleimage@0.*
@gradio/simpleimage@0.8.0
@gradio/simpleimage@0.8.1
@gradio/simpleimage@0.8.2
@gradio/simpleimage@0.8.3
@gradio/simpleimage@0.8.4
@gradio/simpleimage@0.8.5
@gradio/simpleimage@0.8.6
@gradio/simpletextbox@0.*
@gradio/simpletextbox@0.3.0
@gradio/simpletextbox@0.3.1
@gradio/simpletextbox@0.3.2
@gradio/simpletextbox@0.3.3
@gradio/simpletextbox@0.3.4
@gradio/simpletextbox@0.3.5
@gradio/slider@0.*
@gradio/slider@0.5.0
@gradio/slider@0.5.1
@gradio/slider@0.5.2
@gradio/slider@0.5.3
@gradio/slider@0.5.4
@gradio/slider@0.5.5
@gradio/statustracker@0.*
@gradio/statustracker@0.8.0
@gradio/statustracker@0.8.1
@gradio/statustracker@0.9.0
@gradio/statustracker@0.9.1
@gradio/statustracker@0.9.2
@gradio/statustracker@0.9.3
@gradio/tabitem@0.*
@gradio/tabitem@0.3.0
@gradio/tabitem@0.3.1
@gradio/tabitem@0.3.2
@gradio/tabitem@0.3.3
@gradio/tabs@0.*
@gradio/tabs@0.3.0
@gradio/tabs@0.3.1
@gradio/tabs@0.3.2
@gradio/tabs@0.3.3
@gradio/textbox@0.*
@gradio/textbox@0.7.1
@gradio/textbox@0.8.0
@gradio/textbox@0.8.1
@gradio/textbox@0.8.2
@gradio/textbox@0.8.3
@gradio/textbox@0.8.4
@gradio/theme@0.*
@gradio/theme@0.3.0
@gradio/timer@0.*
@gradio/timer@0.4.0
@gradio/upload@0.*
@gradio/upload@0.13.0
@gradio/upload@0.13.1
@gradio/upload@0.13.2
@gradio/upload@0.13.3
@gradio/upload@0.13.4
@gradio/upload@0.13.5
@gradio/uploadbutton@0.*
@gradio/uploadbutton@0.7.0
@gradio/uploadbutton@0.7.1
@gradio/uploadbutton@0.7.2
@gradio/uploadbutton@0.7.3
@gradio/uploadbutton@0.7.4
@gradio/uploadbutton@0.7.5
@gradio/utils@0.*
@gradio/utils@0.7.0
@gradio/video@0.*
@gradio/video@0.11.0
@gradio/video@0.11.1
@gradio/video@0.11.2
@gradio/video@0.11.3
@gradio/video@0.11.4
@gradio/video@0.11.5
@gradio/video@0.11.6
@gradio/wasm@0.*
@gradio/wasm@0.14.0
@gradio/wasm@0.14.1
@gradio/wasm@0.14.2
@self/app@1.*
@self/app@1.41.0
@self/app@1.41.1
@self/app@1.41.2
@self/app@1.42.0
@self/app@1.42.1
@self/app@1.43.0
@self/build@0.*
@self/build@0.1.0
@self/build@0.1.1
@self/build@0.2.0
@self/component-test@0.*
@self/component-test@0.2.0
@self/component-test@0.2.1
@self/component-test@0.2.2
@self/component-test@0.2.3
@self/component-test@0.2.4
@self/component-test@0.2.5
@self/component-test@0.3.0
@self/spa@0.*
@self/spa@0.1.0
@self/spa@0.2.0
@self/storybook@0.*
@self/storybook@0.7.0
@self/storybook@0.8.0
@self/tootils@0.*
@self/tootils@0.7.0
@self/tootils@0.7.1
@self/tootils@0.7.2
@self/tootils@0.7.3
@self/tootils@0.7.4
@self/tootils@0.7.5
@self/tootils@0.7.6
gradio@5.*
gradio@5.0.0
gradio@5.0.1
gradio@5.0.2
gradio@5.1.0
gradio@5.2.0
gradio@5.2.1
gradio@5.3.0
gradio@5.4.0
gradio_client@1.*
gradio_client@1.4.0
gradio_client@1.4.1
gradio_client@1.4.2
website@0.*
website@0.40.0
website@0.40.1
website@0.40.2
website@0.40.3
website@0.41.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-51751.json"