Improper Input Validation
CVE-2023-34239
Summary
Gradio is an open-source Python library that is used to build machine learning and data science demos and web applications. Due to a lack of path filtering, Gradio does not properly restrict file access to users in versions prior to 3.34.0. Additionally, Gradio does not properly restrict what URLs are proxied. Users are advised to upgrade. There are no known workarounds for this vulnerability.
- LOW
- NETWORK
- LOW
- UNCHANGED
- NONE
- NONE
- LOW
- LOW
CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Advisory Timeline
- Published