HIGH 8.1
PYSEC-2023-255
Details
Command Injection in GitHub repository gradio-app/gradio prior to main.
Affected packages
PyPI / gradio
Introduced in: 0
Fixed in: 5b5af1899dd98d63e1f9b48a93601c2db1f56520
Fix
pip install --upgrade 'gradio>=5b5af1899dd98d63e1f9b48a93601c2db1f56520'
References
- https://huntr.com/bounties/21d2ff0c-d43a-4afd-bb4d-049ee8da5b5c [EVIDENCE]
- https://huntr.com/bounties/21d2ff0c-d43a-4afd-bb4d-049ee8da5b5c [REPORT]
- https://huntr.com/bounties/21d2ff0c-d43a-4afd-bb4d-049ee8da5b5c [FIX]
- https://huntr.com/bounties/21d2ff0c-d43a-4afd-bb4d-049ee8da5b5c [WEB]
- https://github.com/gradio-app/gradio/commit/5b5af1899dd98d63e1f9b48a93601c2db1f56520 [FIX]
- https://github.com/advisories/GHSA-gqvf-3hgp-5hxv [ADVISORY]