Files on the host computer can be accessed from the Gradio interface
CVE-2021-43831

7.7HIGH

Key Information:

Vendor: Gradio-app
Status: Gradio
Vendor: CVE Published:; 15 December 2021

What is CVE-2021-43831?

Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is a vulnerability that affects anyone who creates and publicly shares Gradio interfaces. File paths are not restricted and users who receive a Gradio link can access any files on the host computer if they know the file names or file paths. This is limited only by the host operating system. Paths are opened in read only mode. The problem has been patched in gradio 2.5.0.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

gradio < 2.5.0

References

https://github.com/gradio-app/gradio/security/advisories/...

x_refsource_CONFIRM

https://github.com/gradio-app/gradio/commit/41bd3645bdb61...

x_refsource_MISC

EPSS Score

30% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 15, 2021
Vulnerability Reserved
Nov 16, 2021

JSON

Gradio-app