High

gradio

Arbitrary Local File Read in Gradio via Component Method Invocation

A vulnerability in Gradio version 4.12.0 allows attackers to read arbitrary files on the server by exploiting the `/component_server` endpoint to call any method on a `Component` class, specifically `move_resource_to_block_cache()`. This issue was patched in version 4.13.0.

Available publicly on Apr 16 2024

CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Credit: ozelis

Threat Overview

The vulnerability stems from the ability to call any method on a `Component` class through the `/component_server` endpoint without proper validation of the method being called or the arguments passed. An attacker can exploit this by invoking the `move_resource_to_block_cache()` method of the `Block` class, which `Component` inherits from, to copy any file from the filesystem to a temporary directory and retrieve it via the `/file={path}` endpoint. This could lead to the exposure of sensitive information stored on the server.
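
The root cause described above, reduced to a self-contained Python model (an added example, not Gradio's code or its actual patch): a dispatcher that calls whatever method name the request supplies, beside one that only reaches methods explicitly marked for remote use. `ToyComponent`, `server_callable`, `list_choices` and both dispatcher names are hypothetical; only the name `move_resource_to_block_cache` comes from the advisory, and its body here is a simplified stand-in.

```python
import shutil
import tempfile
from pathlib import Path

def server_callable(fn):
    fn._remote_ok = True  # hypothetical marker: method may be called over the network
    return fn

class ToyComponent:  # stand-in for a component class, not Gradio's implementation
    def __init__(self, cache_dir):
        self.cache_dir = Path(cache_dir)

    def move_resource_to_block_cache(self, path):
        # Internal helper: copies any readable path into the servable cache dir.
        dest = self.cache_dir / Path(path).name
        shutil.copy(path, dest)
        return str(dest)

    @server_callable
    def list_choices(self, prefix):
        return [c for c in ("alpha", "beta") if c.startswith(prefix)]

def dispatch_unvalidated(component, fn_name, data):
    # Pattern the advisory describes: the request picks any method by name.
    return getattr(component, fn_name)(data)

def dispatch_allowlisted(component, fn_name, data):
    # Only methods explicitly marked for remote use are reachable.
    fn = getattr(type(component), fn_name, None)
    if not callable(fn) or not getattr(fn, "_remote_ok", False):
        raise PermissionError(f"method not exposed: {fn_name!r}")
    return fn(component, data)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        secret = Path(tmp, "secret.env")  # constructed sample file
        secret.write_text("API_TOKEN=constructed-value\n")
        comp = ToyComponent(tempfile.mkdtemp(dir=tmp))
        target = "move_resource_to_block_cache"
        leaked = Path(dispatch_unvalidated(comp, target, str(secret))).read_text()
        try:
            dispatch_allowlisted(comp, target, str(secret))
            blocked = False
        except PermissionError:
            blocked = True
        return leaked, blocked, dispatch_allowlisted(comp, "list_choices", "a")

if __name__ == "__main__":
    print(demo())
```

The allowlisted dispatcher rejects the internal helper before it runs, while the explicitly marked method still works; inherited and dunder methods are rejected the same way because they carry no marker.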

Attack Scenario

An attacker first identifies a running Gradio application, then sends a crafted request to the `/component_server` endpoint specifying the `move_resource_to_block_cache` function name and the path to a sensitive file (e.g., `/etc/passwd`) as arguments. The server executes this request, resulting in the specified file being copied to a temporary directory. The attacker then sends another request to retrieve the file from the temporary directory, gaining unauthorized access to its contents.

Who is affected

Any server running an unpatched version of Gradio (specifically version 4.12.0) is vulnerable to this attack. This includes individual developers, organizations, and services hosting Gradio applications, such as those on huggingface.co, potentially exposing sensitive information like environment variables, API tokens, and credentials.
