GHSA-3qqg-pgqq-3695

GitHub Security Advisory

Gradio vulnerable to arbitrary file read and proxying of arbitrary URLs

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

### Impact
There are two separate security vulnerabilities here: (1) users can read arbitrary files on the machines that are running shared Gradio apps, and (2) users can use machines that are sharing Gradio apps to proxy arbitrary URLs.

### Patches
Both problems have been fixed. Upgrade `gradio` to `3.34.0` or higher.
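
One way to check a project against the affected range, as an added example that is not part of the advisory or of Gradio's code: it scans requirements-file text for `gradio` entries and flags anything that pins, or can resolve to, a release below `3.34.0`. The sample file, the `audit` function and the verdict labels are constructed for illustration, and only plain numeric versions are handled.

```python
import re

FIXED = (3, 34, 0)  # first patched release, per the advisory

# Constructed sample requirements file (illustrative, not from a real project).
SAMPLE = """\
# demo app
numpy==1.24.3
gradio==3.32.0
Gradio >= 3.34.0
gradio>=3.20,<4
gradio
gradio-client==0.2.5
"""

# Match the gradio distribution only, not gradio-client or gradio_client.
_LINE = re.compile(r"^\s*gradio(?![\w.-])\s*(\[[^\]]*\])?\s*(?P<spec>[^;#]*)", re.I)
_CLAUSE = re.compile(r"(==|>=|>|~=|<=|<|!=)\s*([0-9]+(?:\.[0-9]+)*)")

def _ver(text):
    """Parse a plain numeric release such as '3.9' into a tuple padded to 3 parts."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def audit(requirements_text):
    """Return (line_no, requirement, verdict) for every gradio requirement line."""
    findings = []
    for no, raw in enumerate(requirements_text.splitlines(), 1):
        m = _LINE.match(raw)
        if not m:
            continue
        clauses = [(op, _ver(v)) for op, v in _CLAUSE.findall(m.group("spec"))]
        pins = [v for op, v in clauses if op == "=="]
        floors = [v for op, v in clauses if op in (">=", ">", "~=")]
        if pins:
            # Exact pin: compare numerically, so 3.9 sorts below 3.34.
            verdict = "ok" if min(pins) >= FIXED else "affected"
        elif floors and max(floors) >= FIXED:
            verdict = "ok"
        else:
            # No floor at or above the fix: a resolver may pick an affected release.
            verdict = "may-resolve-affected"
        findings.append((no, raw.strip(), verdict))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A `may-resolve-affected` verdict means the requirement does not exclude the affected range, so the installed version still has to be confirmed in the deployed environment.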

### Workarounds
There is no workaround other than taking down any shared Gradio apps.

### References
Relevant PRs:
* https://github.com/gradio-app/gradio/pull/4406
* https://github.com/gradio-app/gradio/pull/4370

Affected Packages

PyPI gradio
Affected versions: 0 (fixed in 3.34.0)

Key Information

* GHSA ID: GHSA-3qqg-pgqq-3695
* Published: June 9, 2023 10:51 PM
* Last Modified: September 20, 2024 9:19 PM
* CVSS Score: 5.0/10
* Primary Ecosystem: PyPI
* Primary Package: gradio
* GitHub Reviewed: ✓ Yes

Dataset

Last updated: September 13, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.