Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Gradio has Absolute Path Traversal on Windows with Python 3.13+
Vulnerability Description
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ changed the definition of `os.path.isabs` so that root-relative paths like `/windows/win.ini` on Windows are no longer considered absolute paths, resulting in a vulnerability in Gradio's logic for joining paths safely. This can be exploited by unauthenticated attackers to read arbitrary files from the Gradio server, even when Gradio is set up with authentication. Version 6.7 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
绝对路径遍历
Vulnerability Title
Gradio 安全漏洞
Vulnerability Description
Gradio是Gradio开源的一个开源 Python 库,是通过友好的 Web 界面演示机器学习模型的方法。 Gradio 6.7之前版本存在安全漏洞,该漏洞源于Python 3.13+中os.path.isabs定义变更导致绝对路径遍历逻辑缺陷,可能导致未经验证的攻击者从文件系统读取任意文件。
CVSS Information
N/A
Vulnerability Type
N/A