Improper Input Validation

CVE-2023-34239

Severity High
Score 7.3/10

Summary

Gradio is an open-source Python library used to build machine learning and data science demos and web applications. In versions prior to 3.34.0, a lack of path filtering means Gradio does not properly restrict which files users can access. Additionally, Gradio does not properly restrict which URLs are proxied. Users are advised to upgrade. There are no known workarounds for this vulnerability.

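  • Attack Complexity: LOW
  • Attack Vector: NETWORK
  • Confidentiality Impact: LOW
  • Scope: UNCHANGED
  • Privileges Required: NONE
  • User Interaction: NONE
  • Integrity Impact: LOW
  • Availability Impact: LOW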

CWE-20 - Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
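The two missing checks named in the summary (path filtering and restricting proxied URLs) look like this in general form. This is an added example, not Gradio's code or its 3.34.0 fix; the allowed roots, the allowed host, and both function names are hypothetical values constructed for illustration.

```python
from pathlib import Path
from urllib.parse import urlsplit

# Hypothetical policy, constructed for this example.
ALLOWED_ROOTS = [Path("/srv/app/uploads"), Path("/srv/app/static")]
ALLOWED_PROXY_HOSTS = {"demo.example.org"}


def is_path_allowed(requested, roots=ALLOWED_ROOTS):
    """Return True only if the resolved path lies under an allowed root."""
    # resolve() collapses ".." segments and follows symlinks, so the
    # comparison is made on the file that would actually be opened.
    candidate = Path(requested).resolve()
    # is_relative_to() compares whole path components, so a sibling such as
    # /srv/app/uploads-private does not pass as a prefix of /srv/app/uploads.
    return any(candidate.is_relative_to(Path(r).resolve()) for r in roots)


def is_proxy_url_allowed(url, hosts=ALLOWED_PROXY_HOSTS):
    """Return True only for https URLs whose exact host is allowlisted."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # lowercased by urlsplit
    except ValueError:
        return False  # malformed authority, e.g. an unterminated IPv6 literal
    if parts.scheme != "https":
        return False  # rejects file://, http:// and scheme-less input
    if parts.username or parts.password:
        return False  # userinfo can disguise the real host: allowed@other
    # Exact match, never substring or suffix matching.
    return host in hosts


if __name__ == "__main__":
    for p in ("/srv/app/uploads/img.png",
              "/srv/app/uploads/../../../etc/passwd",
              "/srv/app/uploads-private/key.pem"):
        print(p, "->", is_path_allowed(p))
    for u in ("https://demo.example.org/api/predict",
              "https://demo.example.org@internal.example/",
              "file:///etc/passwd"):
        print(u, "->", is_proxy_url_allowed(u))
```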

Advisory Timeline

  • Published