漏洞描述
Gradio 是一个开源 Python 包,可让用户快速为机器学习模型、API 或任何任意模型构建演示或 Web 应用程序。Gradio > 4.19.1 版本存在目录遍历漏洞,攻击者可利用该漏洞读取系统敏感信息,可能导致信息泄露及其他安全风险。
Gradio UploadButton 目录遍历漏洞(CVE-2024-1728)
PoC代码
暂无相关漏洞推荐
- POC gradio-image-ssrf: Gradio Image Component - Server-Side Request Forgery
- POC gradio-lfi: Gradio - Local File Inclusion
- POC CVE-2021-43831: Gradio < 2.5.0 - Arbitrary File Read
- POC CVE-2023-51449: Gradio Hugging Face - Local File Inclusion
- POC CVE-2024-1183: Gradio - Server Side Request Forgery
- POC CVE-2024-1561: Gradio 4.3-4.12 - Local File Read
- POC CVE-2024-1728: Gradio > 4.19.1 UploadButton - Path Traversal
- POC CVE-2024-4325: Gradio - Server-Side Request Forgery
- POC CVE-2024-4940: Gradio - Open Redirect
- POC CVE-2024-8021: Gradio - Open Redirect
- POC gradio-component-server-lfi: Gradio 3.47/3.50.2 - Local File Inclusion
- POC gradio-ssrf: Gradio 3.47 - 3.50.2 - Server-Side Request Forgery
- Gradio SSRF漏洞(CVE-2024-4325)