CVE-2023-51449 - Vulnerability Details - OpenCVE

Description

Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with `share=True`, or on Hugging Face Spaces) if they knew the path of files to look for. This issue has been patched in version 4.11.0.

Published: 2023-12-22

Score: 5.6 Medium

EPSS: 81.0% High

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

gradio-app

gradio

affected

Version	Status	Constraints
`< 4.11.0`	affected	—

Configuration 1 [-]

cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-6qm2-wpxq-7qh2	Gradio makes the `/file` secure against file traversal and server-side request forgery attacks

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.80984.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/gradio-app/gradio/commit/1b9d4234d6c25ef250d882c7b90e1f4039ed2d76
https://github.com/gradio-app/gradio/commit/7ba8c5da45b004edd12c0460be9222f5b5f5f055
https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2

History

No history.

Subscriptions

Gradio Project Gradio

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-12-22T20:58:36.185Z

Updated: 2024-08-02T22:32:09.953Z

Reserved: 2023-12-19T15:19:39.615Z

Link: CVE-2023-51449

Vulnrichment

Updated: 2024-08-02T22:32:09.953Z

NVD

Status : Modified

Published: 2023-12-22T21:15:09.000

Modified: 2024-11-21T08:38:08.513

Link: CVE-2023-51449

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-22

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-51449", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-12-19T15:19:39.615Z", "datePublished": "2023-12-22T20:58:36.185Z", "dateUpdated": "2024-08-02T22:32:09.953Z"}, "containers": {"cna": {"title": "Make the `/file` secure against file traversal attacks", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2"}, {"name": "https://github.com/gradio-app/gradio/commit/1b9d4234d6c25ef250d882c7b90e1f4039ed2d76", "tags": ["x_refsource_MISC"], "url": "https://github.com/gradio-app/gradio/commit/1b9d4234d6c25ef250d882c7b90e1f4039ed2d76"}, {"name": "https://github.com/gradio-app/gradio/commit/7ba8c5da45b004edd12c0460be9222f5b5f5f055", "tags": ["x_refsource_MISC"], "url": "https://github.com/gradio-app/gradio/commit/7ba8c5da45b004edd12c0460be9222f5b5f5f055"}], "affected": [{"vendor": "gradio-app", "product": "gradio", "versions": [{"version": "< 4.11.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-12-22T20:58:36.185Z"}, "descriptions": [{"lang": "en", "value": "Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with `share=True`, or on Hugging Face Spaces) if they knew the path of files to look for. This issue has been patched in version 4.11.0."}], "source": {"advisory": "GHSA-6qm2-wpxq-7qh2", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-01-09T21:07:15.451937Z", "id": "CVE-2023-51449", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T18:27:57.779Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:32:09.953Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2"}, {"name": "https://github.com/gradio-app/gradio/commit/1b9d4234d6c25ef250d882c7b90e1f4039ed2d76", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/gradio-app/gradio/commit/1b9d4234d6c25ef250d882c7b90e1f4039ed2d76"}, {"name": "https://github.com/gradio-app/gradio/commit/7ba8c5da45b004edd12c0460be9222f5b5f5f055", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/gradio-app/gradio/commit/7ba8c5da45b004edd12c0460be9222f5b5f5f055"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2", "name": "https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/gradio-app/gradio/commit/1b9d4234d6c25ef250d882c7b90e1f4039ed2d76", "name": "https://github.com/gradio-app/gradio/commit/1b9d4234d6c25ef250d882c7b90e1f4039ed2d76", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/gradio-app/gradio/commit/7ba8c5da45b004edd12c0460be9222f5b5f5f055", "name": "https://github.com/gradio-app/gradio/commit/7ba8c5da45b004edd12c0460be9222f5b5f5f055", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:32:09.953Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-51449", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-09T21:07:15.451937Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T18:27:55.807Z"}}], "cna": {"title": "Make the `/file` secure against file traversal attacks", "source": {"advisory": "GHSA-6qm2-wpxq-7qh2", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "gradio-app", "product": "gradio", "versions": [{"status": "affected", "version": "< 4.11.0"}]}], "references": [{"url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2", "name": "https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/gradio-app/gradio/commit/1b9d4234d6c25ef250d882c7b90e1f4039ed2d76", "name": "https://github.com/gradio-app/gradio/commit/1b9d4234d6c25ef250d882c7b90e1f4039ed2d76", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/gradio-app/gradio/commit/7ba8c5da45b004edd12c0460be9222f5b5f5f055", "name": "https://github.com/gradio-app/gradio/commit/7ba8c5da45b004edd12c0460be9222f5b5f5f055", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with `share=True`, or on Hugging Face Spaces) if they knew the path of files to look for. This issue has been patched in version 4.11.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-12-22T20:58:36.185Z"}}}, "cveMetadata": {"cveId": "CVE-2023-51449", "state": "PUBLISHED", "dateUpdated": "2024-08-02T22:32:09.953Z", "dateReserved": "2023-12-19T15:19:39.615Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-12-22T20:58:36.185Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*", "matchCriteriaId": "2ED6F199-2E15-4A3C-978D-0F6712D53C4C", "versionEndExcluding": "4.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with `share=True`, or on Hugging Face Spaces) if they knew the path of files to look for. This issue has been patched in version 4.11.0."}, {"lang": "es", "value": "Gradio es un paquete Python de c\u00f3digo abierto que le permite crear r\u00e1pidamente una demostraci\u00f3n o una aplicaci\u00f3n web para su modelo de aprendizaje autom\u00e1tico, API o cualquier funci\u00f3n arbitraria de Python. Las versiones de `gradio` anteriores a la 4.11.0 conten\u00edan una vulnerabilidad en la ruta `/file` que las hac\u00eda susceptibles a ataques transversales de archivos en los que un atacante pod\u00eda acceder a archivos arbitrarios en una m\u00e1quina que ejecutaba una aplicaci\u00f3n Gradio con una URL p\u00fablica (por ejemplo, si la demostraci\u00f3n se cre\u00f3 con `share=True`, o en Hugging Face Spaces) si conoc\u00edan la ruta de los archivos a buscar. Este problema se solucion\u00f3 en la versi\u00f3n 4.11.0."}], "id": "CVE-2023-51449", "lastModified": "2024-11-21T08:38:08.513", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-22T21:15:09.000", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/gradio-app/gradio/commit/1b9d4234d6c25ef250d882c7b90e1f4039ed2d76"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/gradio-app/gradio/commit/7ba8c5da45b004edd12c0460be9222f5b5f5f055"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/gradio-app/gradio/commit/1b9d4234d6c25ef250d882c7b90e1f4039ed2d76"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/gradio-app/gradio/commit/7ba8c5da45b004edd12c0460be9222f5b5f5f055"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Secondary"}]}