CVE-2024-4941
June 06, 2024
A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the "postprocess()" function within "gradio/components/json_component.py", where a user-controlled string is parsed as JSON. If the parsed JSON object contains a "path" key, the specified file is moved to a temporary directory, making it possible to retrieve it later via the "/file=.." endpoint. This issue is due to the "processing_utils.move_files_to_cache()" function traversing any object passed to it, looking for a dictionary with a "path" key, and then copying the specified file to a temporary directory. The vulnerability can be exploited by an attacker to read files on the remote system, posing a significant security risk.
Affected Packages
gradio (PYTHON):
Affected version(s) >=0.1.0 <4.31.3Fix Suggestion:
Update to version 4.31.3Related Resources (5)
Do you need more information?
Contact UsCVSS v4
Base Score:
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE
Weakness Type (CWE)
EPSS
Base Score:
0.77
