Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-3cr8-jcqv-pkc6

Summary Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary files from the application server. This issue has been addressed in release version 5.5.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Aliases

alias	CVE-2024-51751

alias	GHSA-rhm9-gp5p-5248

alias	PYSEC-2024-275

Fixed_packages

url pkg:pypi/gradio@5.5.0

purl pkg:pypi/gradio@5.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-aajd-8tqx-c3bn

vulnerability	VCID-bmqt-uegd-hyap

vulnerability	VCID-dsw8-wy3z-53hm

vulnerability	VCID-j1w9-nvdf-nfbr

vulnerability	VCID-vaq5-ccvf-kyg6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/gradio@5.5.0

Affected_packages

url pkg:pypi/gradio@5.0.0

purl pkg:pypi/gradio@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cr8-jcqv-pkc6

vulnerability	VCID-aajd-8tqx-c3bn

vulnerability	VCID-bmqt-uegd-hyap

vulnerability	VCID-dsw8-wy3z-53hm

vulnerability	VCID-j1w9-nvdf-nfbr

vulnerability	VCID-vaq5-ccvf-kyg6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/gradio@5.0.0

url pkg:pypi/gradio@5.0.1

purl pkg:pypi/gradio@5.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cr8-jcqv-pkc6

vulnerability	VCID-aajd-8tqx-c3bn

vulnerability	VCID-bmqt-uegd-hyap

vulnerability	VCID-dsw8-wy3z-53hm

vulnerability	VCID-j1w9-nvdf-nfbr

vulnerability	VCID-vaq5-ccvf-kyg6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/gradio@5.0.1

url pkg:pypi/gradio@5.0.2

purl pkg:pypi/gradio@5.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cr8-jcqv-pkc6

vulnerability	VCID-aajd-8tqx-c3bn

vulnerability	VCID-bmqt-uegd-hyap

vulnerability	VCID-dsw8-wy3z-53hm

vulnerability	VCID-j1w9-nvdf-nfbr

vulnerability	VCID-vaq5-ccvf-kyg6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/gradio@5.0.2

url pkg:pypi/gradio@5.1.0

purl pkg:pypi/gradio@5.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cr8-jcqv-pkc6

vulnerability	VCID-aajd-8tqx-c3bn

vulnerability	VCID-bmqt-uegd-hyap

vulnerability	VCID-dsw8-wy3z-53hm

vulnerability	VCID-j1w9-nvdf-nfbr

vulnerability	VCID-vaq5-ccvf-kyg6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/gradio@5.1.0

url pkg:pypi/gradio@5.3.0

purl pkg:pypi/gradio@5.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cr8-jcqv-pkc6

vulnerability	VCID-aajd-8tqx-c3bn

vulnerability	VCID-bmqt-uegd-hyap

vulnerability	VCID-dsw8-wy3z-53hm

vulnerability	VCID-j1w9-nvdf-nfbr

vulnerability	VCID-vaq5-ccvf-kyg6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/gradio@5.3.0

url pkg:pypi/gradio@5.4.0

purl pkg:pypi/gradio@5.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cr8-jcqv-pkc6

vulnerability	VCID-aajd-8tqx-c3bn

vulnerability	VCID-bmqt-uegd-hyap

vulnerability	VCID-dsw8-wy3z-53hm

vulnerability	VCID-j1w9-nvdf-nfbr

vulnerability	VCID-vaq5-ccvf-kyg6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/gradio@5.4.0

References

reference_url

https://github.com/gradio-app/gradio/security/advisories/GHSA-rhm9-gp5p-5248

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://github.com/gradio-app/gradio/security/advisories/GHSA-rhm9-gp5p-5248

Weaknesses

Exploits

Severity_range_score 6.5 - 6.5

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3cr8-jcqv-pkc6

Vulnerability Instance