gradio 5.0.1 vulnerabilities

Known vulnerabilities in the gradio package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
H Allocation of Resources Without Limits or Throttling gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling over the `/upload` endpoint. An attacker can cause denial of service by sending a payload with an excessively long filename. How to fix Allocation of Resources Without Limits or Throttling? There is no fixed version for `gradio`.	[0,)
M Path Equivalence gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Path Equivalence due to the `blocked_path()` function only blocking standard pathnames. On Windows systems, an attacker can read unauthorized files by using NTFS Alternate Data Streams syntax to bypass path restrictions. How to fix Path Equivalence? There is no fixed version for `gradio`.	[0,)
M Open Redirect gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Open Redirect. The `validate_url()` function can be forced to follow a redirect to an unintended site if the URL is passed to the `file` parameter and includes URL encoding. How to fix Open Redirect? There is no fixed version for `gradio`.	[0,)
H Denial of Service (DoS) gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Denial of Service (DoS) through the file upload process. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each character and issue warnings. This can render the system inaccessible for extended periods, disrupting services and causing significant downtime. How to fix Denial of Service (DoS)? Upgrade `gradio` to version 5.8.0 or higher.	[,5.8.0)
H Undefined Behavior for Input to API gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Undefined Behavior for Input to API via the `dataframe` component. An attacker can cause a server crash and denial of service by uploading a maliciously crafted zip bomb. How to fix Undefined Behavior for Input to API? There is no fixed version for `gradio`.	[4.0.0,)
H Regular Expression Denial of Service (ReDoS) gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) through the `gr.Datetime` component. An attacker can cause the server to consume excessive CPU resources and potentially lead to a service disruption by sending a specially crafted HTTP request. How to fix Regular Expression Denial of Service (ReDoS)? There is no fixed version for `gradio`.	[4.38.0,)
H Arbitrary File Write via Archive Extraction (Zip Slip) gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the `Audio` component. An attacker can delete arbitrary file content by manipulating the output format, resetting any file to an empty state and causing a denial of service on the server. How to fix Arbitrary File Write via Archive Extraction (Zip Slip)? There is no fixed version for `gradio`.	[4.0.0,)
M Regular Expression Denial of Service (ReDoS) gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the `remove_html_tags()` function in `utils.py`, which can be exploited by a user to cause the application to hang during deployment. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `gradio` to version 5.13.0 or higher.	[,5.13.0)
H Improper Handling of Case Sensitivity gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to improper case normalization in the file path validation logic through the `blocked_paths` parameter of the `is_allowed_file` function. An attacker can gain unauthorized access to sensitive files by altering the letter case of a blocked file or directory path. Note: This is only exploitable on case-insensitive file systems, such as Windows and macOS. How to fix Improper Handling of Case Sensitivity? Upgrade `gradio` to version 5.11.0 or higher.	[,5.11.0)
H Directory Traversal gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Directory Traversal due to the improper handling of file paths in the `processing_utils.async_move_files_to_cache` function. An attacker can read arbitrary files from the server by manipulating the file path input to bypass the security checks that are supposed to restrict file access to only those uploaded by a user. Note: This is only exploitable if the application uses the `File` or `UploadButton` components to upload files and echo/preview the content to the user. How to fix Directory Traversal? Upgrade `gradio` to version 5.5.0 or higher.	[5.0.0,5.5.0)
H Server-side Request Forgery (SSRF) gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to no restrictions on the URL, in the `save_url_to_cache` function. An attacker can access and download local resources and sensitive information. How to fix Server-side Request Forgery (SSRF)? There is no fixed version for `gradio`.	[0,)
M Arbitrary Code Injection gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper check of the input, when users generate `pyi`. An attacker can execute arbitrary code by supplying crafted input. Note: This vulnerability is disputed by the maintainer because the report is about a user attacking himself. How to fix Arbitrary Code Injection? There is no fixed version for `gradio`.	[0,)
M Open Redirect gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Open Redirect via the `file` parameter. An attacker can scan and identify open ports within an internal network by discerning the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response. How to fix Open Redirect? There is no fixed version for `gradio`.	[0,)

Vulnerability

Vulnerable Version

Allocation of Resources Without Limits or Throttling

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling over the /upload endpoint. An attacker can cause denial of service by sending a payload with an excessively long filename.

How to fix Allocation of Resources Without Limits or Throttling?

There is no fixed version for gradio.

[0,)

Path Equivalence

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Path Equivalence due to the blocked_path() function only blocking standard pathnames. On Windows systems, an attacker can read unauthorized files by using NTFS Alternate Data Streams syntax to bypass path restrictions.

How to fix Path Equivalence?

There is no fixed version for gradio.

[0,)

Open Redirect

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Open Redirect. The validate_url() function can be forced to follow a redirect to an unintended site if the URL is passed to the file parameter and includes URL encoding.

How to fix Open Redirect?

There is no fixed version for gradio.

[0,)

Denial of Service (DoS)

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Denial of Service (DoS) through the file upload process. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each character and issue warnings. This can render the system inaccessible for extended periods, disrupting services and causing significant downtime.

How to fix Denial of Service (DoS)?

Upgrade gradio to version 5.8.0 or higher.

[,5.8.0)

Undefined Behavior for Input to API

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Undefined Behavior for Input to API via the dataframe component. An attacker can cause a server crash and denial of service by uploading a maliciously crafted zip bomb.

How to fix Undefined Behavior for Input to API?

There is no fixed version for gradio.

[4.0.0,)

Regular Expression Denial of Service (ReDoS)

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) through the gr.Datetime component. An attacker can cause the server to consume excessive CPU resources and potentially lead to a service disruption by sending a specially crafted HTTP request.

How to fix Regular Expression Denial of Service (ReDoS)?

There is no fixed version for gradio.

[4.38.0,)

Arbitrary File Write via Archive Extraction (Zip Slip)

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the Audio component. An attacker can delete arbitrary file content by manipulating the output format, resetting any file to an empty state and causing a denial of service on the server.

How to fix Arbitrary File Write via Archive Extraction (Zip Slip)?

There is no fixed version for gradio.

[4.0.0,)

Regular Expression Denial of Service (ReDoS)

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the remove_html_tags() function in utils.py, which can be exploited by a user to cause the application to hang during deployment.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade gradio to version 5.13.0 or higher.

[,5.13.0)

Improper Handling of Case Sensitivity

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to improper case normalization in the file path validation logic through the blocked_paths parameter of the is_allowed_file function. An attacker can gain unauthorized access to sensitive files by altering the letter case of a blocked file or directory path.

Note:

This is only exploitable on case-insensitive file systems, such as Windows and macOS.

How to fix Improper Handling of Case Sensitivity?

Upgrade gradio to version 5.11.0 or higher.

[,5.11.0)

Directory Traversal

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Directory Traversal due to the improper handling of file paths in the processing_utils.async_move_files_to_cache function. An attacker can read arbitrary files from the server by manipulating the file path input to bypass the security checks that are supposed to restrict file access to only those uploaded by a user.

Note:

This is only exploitable if the application uses the File or UploadButton components to upload files and echo/preview the content to the user.

How to fix Directory Traversal?

Upgrade gradio to version 5.5.0 or higher.

[5.0.0,5.5.0)

Server-side Request Forgery (SSRF)

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to no restrictions on the URL, in the save_url_to_cache function. An attacker can access and download local resources and sensitive information.

How to fix Server-side Request Forgery (SSRF)?

There is no fixed version for gradio.

[0,)

Arbitrary Code Injection

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper check of the input, when users generate pyi. An attacker can execute arbitrary code by supplying crafted input.

Note:

This vulnerability is disputed by the maintainer because the report is about a user attacking himself.

How to fix Arbitrary Code Injection?

There is no fixed version for gradio.

[0,)

Open Redirect

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Open Redirect via the file parameter. An attacker can scan and identify open ports within an internal network by discerning the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.

How to fix Open Redirect?

There is no fixed version for gradio.

[0,)

gradio@5.0.1 vulnerabilities

Python library for easily interacting with trained machine learning models

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities

How to fix?