{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46033?format=json","vulnerability_id":"VCID-e4mg-mfdz-kqfr","summary":"Unrestricted Upload of File with Dangerous Type\nGradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface.","aliases":[{"alias":"CVE-2023-41626"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33984?format=json","purl":"pkg:pypi/gradio@3.28.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ueu-3u8x-pkfs"},{"vulnerability":"VCID-3w2j-55q7-t7by"},{"vulnerability":"VCID-4ahq-tuj8-fkgc"},{"vulnerability":"VCID-4y28-s547-c3d3"},{"vulnerability":"VCID-5c6u-kz54-a7ee"},{"vulnerability":"VCID-6cys-sapp-9yh6"},{"vulnerability":"VCID-891h-rrw9-d3cx"},{"vulnerability":"VCID-aajd-8tqx-c3bn"},{"vulnerability":"VCID-bmqt-uegd-hyap"},{"vulnerability":"VCID-dsw8-wy3z-53hm"},{"vulnerability":"VCID-ejg7-khk7-9qf3"},{"vulnerability":"VCID-g36q-9t77-nuc9"},{"vulnerability":"VCID-grp8-svdp-r7e6"},{"vulnerability":"VCID-h9ep-6qj7-pued"},{"vulnerability":"VCID-j1w9-nvdf-nfbr"},{"vulnerability":"VCID-mk15-qxqc-vfab"},{"vulnerability":"VCID-q41h-dde2-93gc"},{"vulnerability":"VCID-uhjk-e9b3-cqea"},{"vulnerability":"VCID-vg49-znwv-akgf"},{"vulnerability":"VCID-wep6-zfzs-jkfb"},{"vulnerability":"VCID-znu2-s2vu-n3fb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/gradio@3.28.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33983?format=json","purl":"pkg:pypi/gradio@3.27.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ueu-3u8x-pkfs"},{"vulnerability":"VCID-3w2j-55q7-t7by"},{"vulnerability":"VCID-4ahq-tuj8-fkgc"},{"vulnerability":"VCID-4y28-s547-c3d3"},{"vulnerability":"VCID-5c6u-kz54-a7ee"},{"vulnerability":"VCID-6cys-sapp-9yh6"},{"vulnerability":"VCID-891h-rrw9-d3cx"},{"vulnerability":"VCID-aajd-8tqx-c3bn"},{"vulnerability":"VCID-bmqt-uegd-hyap"},{"vulnerability":"VCID-dsw8-wy3z-53hm"},{"vulnerability":"VCID-e4mg-mfdz-kqfr"},{"vulnerability":"VCID-ejg7-khk7-9qf3"},{"vulnerability":"VCID-g36q-9t77-nuc9"},{"vulnerability":"VCID-grp8-svdp-r7e6"},{"vulnerability":"VCID-h9ep-6qj7-pued"},{"vulnerability":"VCID-j1w9-nvdf-nfbr"},{"vulnerability":"VCID-mk15-qxqc-vfab"},{"vulnerability":"VCID-q41h-dde2-93gc"},{"vulnerability":"VCID-uhjk-e9b3-cqea"},{"vulnerability":"VCID-vg49-znwv-akgf"},{"vulnerability":"VCID-wep6-zfzs-jkfb"},{"vulnerability":"VCID-znu2-s2vu-n3fb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/gradio@3.27.0"}],"references":[{"reference_url":"https://gist.github.com/impose1/590472eb0544ef1ec36c8a5a40122adb","reference_id":"","reference_type":"","scores":[],"url":"https://gist.github.com/impose1/590472eb0544ef1ec36c8a5a40122adb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41626","reference_id":"CVE-2023-41626","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41626"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":434,"name":"Unrestricted Upload of File with Dangerous Type","description":"The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e4mg-mfdz-kqfr"}