CVE-2024-0964
HIGH7.5EPSS 0.15%Gradio Path Traversal vulnerability
Published: 2/6/2024Modified: 5/19/2026
Description
A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.
Affected packages (2)
- PyPI/gradiofrom 0, < 4.9.0
- PyPI/gradio
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References (5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-0964
- PATCHhttps://github.com/gradio-app/gradio
- WEBhttps://github.com/gradio-app/gradio/commit/d76bcaaaf0734aaf49a680f94ea9d4d22a602e70
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/gradio/PYSEC-2024-261.yaml
- WEBhttps://huntr.com/bounties/25e25501-5918-429c-8541-88832dfd3741