Lookup for vulnerable packages by Package URL.

purl pkg:pypi/gradio@3.45.0b7
type pypi
namespace
name gradio
version 3.45.0b7
qualifiers
subpath
is_vulnerable true
next_non_vulnerable_version 6.7.0
latest_non_vulnerable_version 6.7.0
affected_by_vulnerabilities
0
url VCID-891h-rrw9-d3cx
vulnerability_id VCID-891h-rrw9-d3cx
summary Command Injection in GitHub repository gradio-app/gradio prior to main.
references
0
reference_url https://github.com/gradio-app/gradio/commit/5b5af1899dd98d63e1f9b48a93601c2db1f56520
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://github.com/gradio-app/gradio/commit/5b5af1899dd98d63e1f9b48a93601c2db1f56520
1
reference_url https://huntr.com/bounties/21d2ff0c-d43a-4afd-bb4d-049ee8da5b5c
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://huntr.com/bounties/21d2ff0c-d43a-4afd-bb4d-049ee8da5b5c
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6572
reference_id CVE-2023-6572
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-6572
fixed_packages
0
url pkg:pypi/gradio@4.14.0
purl pkg:pypi/gradio@4.14.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ueu-3u8x-pkfs
1
vulnerability VCID-3w2j-55q7-t7by
2
vulnerability VCID-4ahq-tuj8-fkgc
3
vulnerability VCID-4y28-s547-c3d3
4
vulnerability VCID-5c6u-kz54-a7ee
5
vulnerability VCID-6cys-sapp-9yh6
6
vulnerability VCID-aajd-8tqx-c3bn
7
vulnerability VCID-bmqt-uegd-hyap
8
vulnerability VCID-dsw8-wy3z-53hm
9
vulnerability VCID-ejg7-khk7-9qf3
10
vulnerability VCID-g36q-9t77-nuc9
11
vulnerability VCID-grp8-svdp-r7e6
12
vulnerability VCID-h9ep-6qj7-pued
13
vulnerability VCID-j1w9-nvdf-nfbr
14
vulnerability VCID-mk15-qxqc-vfab
15
vulnerability VCID-vg49-znwv-akgf
16
vulnerability VCID-wep6-zfzs-jkfb
17
vulnerability VCID-znu2-s2vu-n3fb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/gradio@4.14.0
aliases CVE-2023-6572, PYSEC-2023-255
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-891h-rrw9-d3cx
1
url VCID-uhjk-e9b3-cqea
vulnerability_id VCID-uhjk-e9b3-cqea
summary Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitrary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with `share=True`, or on Hugging Face Spaces) if they knew the path of files to look for. This issue has been patched in version 4.11.0.
references
0
reference_url https://github.com/gradio-app/gradio/commit/1b9d4234d6c25ef250d882c7b90e1f4039ed2d76
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://github.com/gradio-app/gradio/commit/1b9d4234d6c25ef250d882c7b90e1f4039ed2d76
1
reference_url https://github.com/gradio-app/gradio/commit/7ba8c5da45b004edd12c0460be9222f5b5f5f055
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://github.com/gradio-app/gradio/commit/7ba8c5da45b004edd12c0460be9222f5b5f5f055
2
reference_url https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-51449
reference_id CVE-2023-51449
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-51449
4
reference_url https://github.com/advisories/GHSA-6qm2-wpxq-7qh2
reference_id GHSA-6qm2-wpxq-7qh2
reference_type
scores
url https://github.com/advisories/GHSA-6qm2-wpxq-7qh2
fixed_packages
0
url pkg:pypi/gradio@4.11.0
purl pkg:pypi/gradio@4.11.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ueu-3u8x-pkfs
1
vulnerability VCID-3w2j-55q7-t7by
2
vulnerability VCID-4ahq-tuj8-fkgc
3
vulnerability VCID-4y28-s547-c3d3
4
vulnerability VCID-5c6u-kz54-a7ee
5
vulnerability VCID-6cys-sapp-9yh6
6
vulnerability VCID-891h-rrw9-d3cx
7
vulnerability VCID-aajd-8tqx-c3bn
8
vulnerability VCID-bmqt-uegd-hyap
9
vulnerability VCID-dsw8-wy3z-53hm
10
vulnerability VCID-ejg7-khk7-9qf3
11
vulnerability VCID-g36q-9t77-nuc9
12
vulnerability VCID-grp8-svdp-r7e6
13
vulnerability VCID-h9ep-6qj7-pued
14
vulnerability VCID-j1w9-nvdf-nfbr
15
vulnerability VCID-mk15-qxqc-vfab
16
vulnerability VCID-vg49-znwv-akgf
17
vulnerability VCID-wep6-zfzs-jkfb
18
vulnerability VCID-znu2-s2vu-n3fb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/gradio@4.11.0
aliases CVE-2023-51449, GHSA-6qm2-wpxq-7qh2, PYSEC-2023-249
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uhjk-e9b3-cqea
fixing_vulnerabilities
risk_score null
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/gradio@3.45.0b7