aliabid94

3 exploits, active since Feb 2024
CVE-2024-1561 WRITEUP HIGH
gradio-app/gradio - Info Disclosure
An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifically, by exploiting the `move_resource_to_block_cache()` method of the `Block` class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access, posing a significant risk especially when the application is exposed to the internet via `launch(share=True)`, thereby allowing remote attackers to read files on the host machine. Furthermore, gradio apps hosted on `huggingface.co` are also affected, potentially leading to the exposure of sensitive information such as API keys and credentials stored in environment variables.
CVSS 7.5
CVE-2024-0964 WRITEUP CRITICAL
Gradio < 4.9.0 - Path Traversal via API Request JSON Value
A local file inclusion could be remotely triggered in Gradio through a vulnerable user-supplied JSON value in an API request.
CVSS 9.4
CVE-2024-1728 WRITEUP HIGH
gradio 4.18.0-4.19.2 - Path Traversal and Arbitrary File Read via UploadButton Queue Join Endpoint
gradio-app/gradio contains a local file inclusion vulnerability caused by improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in the request to the `/queue/join` endpoint. This issue could potentially lead to remote code execution. The vulnerability is present in the handling of file upload paths, allowing attackers to redirect file uploads to unintended locations on the server.
CVSS 7.5