GHSA-f3h9-8phc-6gvh

Source

https://github.com/advisories/GHSA-f3h9-8phc-6gvh

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-f3h9-8phc-6gvh/GHSA-f3h9-8phc-6gvh.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-f3h9-8phc-6gvh

Aliases

CVE-2024-0964

Published

2024-02-06T00:30:28Z

Modified

2024-02-16T08:23:18.563799Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Gradio Path Traversal vulnerability

Details

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.

References

Affected packages

PyPI / gradio

Package

Name: gradio; View open source insights on deps.dev
Purl: pkg:pypi/gradio

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.9.0

Affected versions

0.*

0.1.0

0.1.1

0.1.2

0.1.3

0.1.4

0.1.5

0.1.6

0.1.7

0.1.8

0.1.9

0.2.0

0.2.1

0.3.0

0.3.1

0.3.2

0.3.3

0.3.4

0.3.5

0.4.0

0.4.1

0.4.2

0.4.4

0.5.0

0.7.0

0.7.1

0.7.2

0.7.3

0.7.4

0.7.5

0.7.6

0.7.7

0.7.8

0.8.0

0.8.1

0.9.0

0.9.1

0.9.2

0.9.3

0.9.4

0.9.5

0.9.6

0.9.7

0.9.8

0.9.9.2

0.9.9.3

0.9.9.5

0.9.9.6

0.9.9.7

0.9.9.8

0.9.9.9

0.9.9.9.2

1.*

1.0.0a1

1.0.0a3

1.0.0a4

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.1.0

1.1.1

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.8

1.1.8.1

1.1.9

1.2.2

1.2.3

1.3.0

1.3.1

1.3.2

1.4.0

1.4.2

1.4.3

1.4.4

1.5.0

1.5.1

1.5.3

1.5.4

1.6.0

1.6.1

1.6.2

1.6.3

1.6.4

1.7.0

1.7.1

1.7.2

1.7.3

1.7.4

1.7.5

1.7.6

1.7.7

2.*

2.0.0

2.0.1

2.0.2

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.0.10

2.1.0

2.1.1

2.1.2

2.1.4

2.1.6

2.1.7

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9a0

2.2.9a2

2.2.10

2.2.11

2.2.12

2.2.13

2.2.14

2.2.15

2.3.0a0

2.3.0b99

2.3.0b101

2.3.0b102

2.3.0

2.3.3

2.3.4

2.3.5b0

2.3.5

2.3.6

2.3.7b0

2.3.7b1

2.3.7b2

2.3.7

2.3.8b0

2.3.9

2.4.0a0

2.4.0

2.4.1

2.4.2

2.4.4

2.4.5

2.4.6

2.4.7b0

2.4.7b2

2.4.7b3

2.4.7b4

2.4.7b5

2.4.7b6

2.4.7b7

2.4.7b8

2.4.7b9

2.5.0

2.5.1

2.5.2

2.5.3

2.5.8a0

2.6.0

2.6.1a0

2.6.1b0

2.6.1b3

2.6.1

2.6.2

2.6.3

2.6.4b0

2.6.4b2

2.6.4b3

2.6.4

2.7.0a101

2.7.0a102

2.7.0b70

2.7.0

2.7.5

2.7.5.1

2.7.5.2b0

2.7.5.2

2.8.0a100

2.8.0b0

2.8.0b2

2.8.0b3

2.8.0b4

2.8.0b5

2.8.0b6

2.8.0b10

2.8.0b12

2.8.0b20

2.8.0b22

2.8.0

2.8.1

2.8.2

2.8.3

2.8.4

2.8.5

2.8.6

2.8.7

2.8.8

2.8.9

2.8.10

2.8.11

2.8.12

2.8.13

2.8.14

2.9.0b0

2.9.0b1

2.9.0b2

2.9.0b3

2.9.0b5

2.9.0b6

2.9.0b7

2.9.0b8

2.9.0b9

2.9.0b10

2.9b11

2.9b12

2.9b13

2.9b14

2.9b15

2.9b20

2.9b21

2.9b22

2.9b23

2.9b24

2.9b25

2.9b26

2.9b27

2.9b28

2.9b30

2.9b31

2.9b32

2.9b33

2.9b40

2.9b48

2.9b50

2.9.0

2.9.0.1

2.9.1

2.9.2

2.9.3

2.9.4

3.*

3.0b0

3.0b1

3.0b2

3.0b5

3.0b6

3.0b8

3.0b9

3.0b10

3.0

3.0.1b120

3.0.1b121

3.0.1b300

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6b1

3.0.6b2

3.0.6b3

3.0.6

3.0.7

3.0.8b1

3.0.8

3.0.9b10

3.0.9b11

3.0.9b20

3.0.9

3.0.10b2

3.0.10b16

3.0.10

3.0.11b1

3.0.11

3.0.12

3.0.13b13

3.0.13b15

3.0.13b100

3.0.13

3.0.14

3.0.15

3.0.16

3.0.17

3.0.18b0

3.0.18

3.0.19b0

3.0.19b1

3.0.19b2

3.0.19

3.0.20.dev0

3.0.20

3.0.21

3.0.22

3.0.23.dev1

3.0.23

3.0.24

3.0.25

3.0.26

3.1.0

3.1.1

3.1.2

3.1.3a0

3.1.3a2

3.1.3a3

3.1.3a4

3.1.3a5

3.1.3

3.1.4b0

3.1.4b1

3.1.4b2

3.1.4b3

3.1.4b4

3.1.4b5

3.1.4

3.1.5b1

3.1.5b2

3.1.5b3

3.1.5b4

3.1.5b5

3.1.5b7

3.1.5b8

3.1.5b9

3.1.5b10

3.1.5

3.1.6b1

3.1.6

3.1.7

3.1.8b0

3.1.8b2

3.1.8b3

3.1.8b4

3.1.8b6

3.2

3.2.1b0

3.2.1b1

3.2.1b2

3.3b0

3.3b1

3.3

3.3.1

3.4b0

3.4b1

3.4b2

3.4b3

3.4b5

3.4

3.4.1

3.5

3.6.0b1

3.6.0b2

3.6.0b3

3.6.0b7

3.6.0b10

3.6

3.7

3.8b1

3.8b2

3.8

3.8.1.dev1

3.8.1

3.8.2

3.9

3.9.1

3.10.0

3.10.1

3.11.0

3.12.0b1

3.12.0b2

3.12.0b3

3.12.0b6

3.12.0b7

3.12.0

3.13.0b1

3.13.0

3.13.1b0

3.13.1b1

3.13.1b2

3.13.1

3.13.2

3.14.0a1

3.14.0

3.15.0

3.16.0

3.16.1b1

3.16.1

3.16.2

3.17.0

3.17.1b1

3.17.1b2

3.17.1

3.18.0

3.18.1b1

3.18.1b2

3.18.1b3

3.18.1b4

3.18.1b5

3.18.1b6

3.18.1b7

3.19.0

3.19.1

3.20.0b1

3.20.0b2

3.20.0

3.20.1

3.21.0

3.22.0

3.22.1b1

3.22.1

3.23.0

3.23.1b1

3.23.1b2

3.23.1b3

3.24.0

3.24.1

3.25.0

3.25.1b1

3.25.1b2

3.26.0

3.27.0

3.28.0

3.28.1

3.28.2

3.28.3

3.28.4b0

3.29.0

3.30.0

3.31.0

3.32.0

3.33.0

3.33.1

3.34.0

3.35.0

3.35.1

3.35.2

3.36.0

3.36.1

3.37.0

3.38.0

3.39.0

3.40.0

3.40.1

3.41.0

3.41.1

3.41.2

3.42.0

3.43.0

3.43.1

3.43.2

3.44.0

3.44.1

3.44.2

3.44.3

3.44.4

3.45.0b0

3.45.0b1

3.45.0b2

3.45.0b3

3.45.0b4

3.45.0b5

3.45.0b6

3.45.0b7

3.45.0b8

3.45.0b9

3.45.0b10

3.45.0b11

3.45.0b12

3.45.0b13

3.45.0

3.45.1

3.45.2

3.46.0

3.46.1

3.47.0

3.47.1

3.48.0

3.49.0

3.50.0

3.50.1

3.50.2

4.*

4.0.0b15

4.0.0

4.0.1

4.0.2

4.1.0

4.1.1

4.1.2

4.2.0

4.3.0

4.4.0

4.4.1

4.5.0

4.7.0

4.7.1

4.8.0