High Severity

gradio

Local File Inclusion via JSON Component

A Local File Inclusion (LFI) vulnerability was identified in the JSON component of a web application, affecting versions 4.25 to 4.31.3. The issue, patched in version 4.31.4, allowed attackers to read local files by manipulating JSON input.

Available publicly on May 30 2024

7.5

CVE:

CVE-2024-4941

CWE:

20:Improper Input Validation

CVSS:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Credit:

ozelis
AssessDetect

Premium

Remediate
Remediation Steps
  • Update the web application to version 4.31.4 or later.
  • Review and sanitize all user inputs, especially those that are parsed or processed as JSON.
  • Implement strict input validation checks to prevent unauthorized file path injections.
  • Regularly audit and test application components for similar vulnerabilities.
Patch Details
  • Fixed Version: 4.31.4
  • Patch Commit: https://github.com/gradio-app/gradio/commit/ee1e2942e0a1ae84a08a05464e41c8108a03fa9c
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have 291 related security advisories that are available with Sightline Premium.

Sightline logo
About Protect AIPrivacy PolicyTerms of Service
© 2024 Protect AI, Inc.
Slack iconLinkedIn iconYoutube iconX icon