GHSA-m842-4qm8-7gpq: Gradio allows users to access arbitrary files

September 25, 2024

This vulnerability allows users of Gradio applications that have a public link (such as on Hugging Face Spaces) to access files on the machine hosting the Gradio application. This involves intercepting and modifying the network requests made by the Gradio app to the server.

References

github.com/advisories/GHSA-m842-4qm8-7gpq
github.com/gradio-app/gradio
github.com/gradio-app/gradio/commit/16fbe9cd0cffa9f2a824a0165beb43446114eec7
github.com/gradio-app/gradio/security/advisories/GHSA-m842-4qm8-7gpq

Detect and mitigate GHSA-m842-4qm8-7gpq with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →