PyPi: Gradio

CVE-2024-39236

Safety vulnerability ID: 72086

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jul 01, 2024 Updated at Dec 16, 2024

Scan your Python projects for vulnerabilities →

Advisory

Affected versions of Gradio contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input.
NOTE: the supplier disputes this because the report is about a user attacking himself.

Affected package

gradio

Latest version: 5.9.1

Python library for easily interacting with trained machine learning models

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://github.com/Aaron911/PoC/blob/main/Gradio.md
https://github.com/advisories/GHSA-9v2f-6vcg-3hgv
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39236

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application