CVE-2024-51751: Gradio vulnerable to arbitrary file read with File and UploadButton components
If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary files from the application server.
References
Detect and mitigate CVE-2024-51751 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →