Information disclosure in Gradio-app Gradio

CVE-2024-47868

Gradio is an open-source Python package designed for quick prototyping. This is a **data validation vulnerability** affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can expl…

Vulnerability class: Information Disclosure

EPSS: 0.002 (42.1th percentile) — read the EPSS interpretation.

Affected products

Gradio-app Gradio — versions < 5.0

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

https://github.com/gradio-app/gradio/security/advisories/GHSA-4q3c-cj7g-jcwf (x_refsource_CONFIRM)