CVE-2024-1728: Gradio allows users to access arbitrary files
(updated )
This vulnerability allows users of Gradio applications that have a public link (such as on Hugging Face Spaces) to access files on the machine hosting the Gradio application. This involves intercepting and modifying the network requests made by the Gradio app to the server.
References
- github.com/advisories/GHSA-m842-4qm8-7gpq
- github.com/gradio-app/gradio
- github.com/gradio-app/gradio/commit/16fbe9cd0cffa9f2a824a0165beb43446114eec7
- github.com/gradio-app/gradio/security/advisories/GHSA-m842-4qm8-7gpq
- huntr.com/bounties/9bb33b71-7995-425d-91cc-2c2a2f2a068a
- nvd.nist.gov/vuln/detail/CVE-2024-1728
Code Behaviors & Features
Detect and mitigate CVE-2024-1728 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →