Title:Gradio 路径遍历漏洞 (CVE-2023-51449) Description:Gradio是一个开源 Python 库,是通过友好的 Web 界面演示机器学习模型的方法。 Gradio 4.11.0之前版本存在路径遍历漏洞,该漏洞源于/file存在路径遍历漏洞。
Description
Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works against Gradio < 3.33
File Snapshot
id: CVE-2023-51449
info:
name: Gradio Hugging Face - Local File Inclusion
author: nvn1729
sev
...
Shenlong Bot has cached this for you
Remarks
1. It is advised to access via the original source first.2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.