HIGH 8.2

GHSA-pgfv-gvc5-prfg

Gradio Vulnerable to Arbitrary File Deletion

상세

A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerability allows an attacker to control the format of the audio file, leading to arbitrary file content deletion. By manipulating the output format, an attacker can reset any file to an empty file, causing a denial of service (DOS) on the server.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / gradio

최초 영향 버전: 4.0.0

No fixed version published yet for gradio (pip). Pin to a known-safe version or switch to an alternative.

참고

https://nvd.nist.gov/vuln/detail/CVE-2024-10648 [ADVISORY]
https://github.com/gradio-app/gradio [PACKAGE]
https://github.com/gradio-app/gradio/blame/98cbcaef827de7267462ccba180c7b2ffb1e825d/gradio/processing_utils.py#L234 [WEB]
https://huntr.com/bounties/667d664d-8189-458c-8ed7-483fe8f33c76 [WEB]