Command Injection in gradio-app/gradio
CVE-2023-6572

8.1HIGH

Key Information:

Vendor: Gradio-app
Status: Gradio-app/gradio
Vendor: CVE Published:; 14 December 2023

What is CVE-2023-6572?

The Gradio App contains a command injection vulnerability that can allow an attacker to execute arbitrary commands on the host system. This issue exists prior to the main branch of the GitHub repository gradio-app/gradio, potentially compromising the integrity and security of affected installations. It is crucial for users to update to the latest version to mitigate this risk and ensure the security of their applications.

Affected Version(s)

gradio-app/gradio < unspecified

References

https://huntr.com/bounties/21d2ff0c-d43a-4afd-bb4d-049ee8...

https://github.com/gradio-app/gradio/commit/5b5af1899dd98...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 14, 2023
Vulnerability Reserved
Dec 7, 2023

Gradio-app

What is CVE-2023-6572?

Affected Version(s)

References

CVSS V3.1

CVSS V3.0

Timeline