CVE-2024-1727

Source
https://cve.org/CVERecord?id=CVE-2024-1727
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-1727.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-1727
Aliases
Published
2024-03-21T20:15:07.620Z
Modified
2026-02-13T08:34:20.562682Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
[none]
Details

A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious HTML page that triggers an unauthorized file upload to the victim's server, an attacker can deplete the system's disk space, potentially leading to a denial of service. This issue affects the file upload functionality as implemented in gradio/routes.py.
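
The two controls that close off the scenario described above are a same-origin check on the upload route and a hard byte budget on the request body, so a cross-site page cannot trigger the upload at all and an oversized upload is dropped before it reaches disk. The following is an added example, not Gradio's code and not the project's actual fix; it uses only the standard library and assumes a server whose `Host` header is the local listener (Gradio's default port 7860 is used in the demo), a hypothetical 50 MiB cap, and the standard `Origin` and `Referer` request headers that browsers attach to cross-site POSTs.

```python
"""Defensive checks for a locally hosted file-upload route (illustrative).

Two independent guards:
  1. is_trusted_browser_origin(): reject browser requests whose Origin (or,
     failing that, Referer) does not match the server's own authority.
  2. bounded_body(): consume the upload stream but abort as soon as the
     configured byte budget is exceeded, so disk is never filled by one request.
"""
from typing import Iterable, Mapping, Optional
from urllib.parse import urlsplit

# Hypothetical cap for the illustration; the real value is deployment policy.
MAX_UPLOAD_BYTES = 50 * 1024 * 1024


class UploadRejected(Exception):
    """Raised when a request fails the origin or the size check."""


def _normalize_authority(authority: str, scheme: str) -> str:
    """Lower-case the host and make the port explicit, so that
    'localhost' and 'localhost:80' compare equal (IPv6 literals handled)."""
    authority = authority.lower()
    if ":" not in authority.rsplit("]", 1)[-1]:  # no explicit port
        authority += ":443" if scheme == "https" else ":80"
    return authority


def _origin_of(url: str) -> Optional[str]:
    """Return the normalized authority of an http(s) URL, or None for
    anything unparsable, including the opaque 'null' origin browsers send
    from sandboxed or data: contexts."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return _normalize_authority(parts.netloc, parts.scheme)


def is_trusted_browser_origin(
    headers: Mapping[str, str],
    server_scheme: str = "http",
    allowed_origins: Iterable[str] = (),
    require_origin: bool = False,
) -> bool:
    """CSRF guard: a browser-issued cross-site POST always carries an Origin
    header, so any Origin/Referer that is not our own authority (or an
    explicitly allowed one) is refused. Requests with neither header are
    non-browser clients (e.g. curl); they are accepted unless require_origin
    is set, which is the stricter policy for browser-only deployments."""
    h = {k.lower(): v for k, v in headers.items()}
    host = h.get("host")
    if not host:
        return False
    expected = {_normalize_authority(host, server_scheme)}
    for extra in allowed_origins:
        norm = _origin_of(extra)
        if norm:
            expected.add(norm)
    origin = h.get("origin")
    if origin is None:
        referer = h.get("referer")
        if referer is None:
            return not require_origin
        candidate = _origin_of(referer)
    else:
        candidate = _origin_of(origin)  # 'null' -> None -> rejected
    return candidate is not None and candidate in expected


def bounded_body(chunks: Iterable[bytes], limit: int = MAX_UPLOAD_BYTES) -> bytes:
    """Read an upload stream chunk by chunk and abort the moment the running
    total exceeds the budget; nothing oversized is ever buffered in full."""
    total = 0
    buf = bytearray()
    for chunk in chunks:
        total += len(chunk)
        if total > limit:
            raise UploadRejected(f"upload exceeds {limit} bytes")
        buf += chunk
    return bytes(buf)


def accept_upload(headers: Mapping[str, str], chunks: Iterable[bytes],
                  limit: int = MAX_UPLOAD_BYTES, **origin_policy) -> bytes:
    """Apply both guards in the order a route handler would: cheap header
    check first, then the streaming size cap."""
    if not is_trusted_browser_origin(headers, **origin_policy):
        raise UploadRejected("cross-site request refused")
    return bounded_body(chunks, limit)


if __name__ == "__main__":
    # Constructed requests: one from the app's own page, one from a foreign page.
    own_page = {"Host": "127.0.0.1:7860", "Origin": "http://127.0.0.1:7860"}
    foreign = {"Host": "127.0.0.1:7860", "Origin": "http://attacker.example"}
    print(len(accept_upload(own_page, [b"hello ", b"world"])), "bytes accepted")
    for name, hdrs in (("foreign origin", foreign), ("oversized", own_page)):
        try:
            accept_upload(hdrs, [b"x" * 1024] * 3, limit=2048)
        except UploadRejected as exc:
            print(f"{name}: rejected ({exc})")
```

The origin check is deliberately tolerant of header-less clients because local Gradio users commonly drive the API from scripts; a deployment that only ever serves browsers should pass `require_origin=True`. The size cap is enforced while streaming rather than after the body has been saved, which is what prevents a burst of large cross-site uploads from exhausting disk before any check runs.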

References

Affected packages

Git / github.com/gradio-app/gradio

Affected ranges

Type
GIT
Repo
https://github.com/gradio-app/gradio
Events

Affected versions

@gradio/accordion@0.*
@gradio/accordion@0.3.0
@gradio/accordion@0.3.1
@gradio/accordion@0.3.2
@gradio/accordion@0.3.3
@gradio/annotatedimage@0.*
@gradio/annotatedimage@0.4.4
@gradio/annotatedimage@0.5.0
@gradio/annotatedimage@0.5.1
@gradio/annotatedimage@0.5.2
@gradio/app@1.*
@gradio/app@1.23.0
@gradio/app@1.24.0
@gradio/app@1.25.0
@gradio/app@1.25.1
@gradio/atoms@0.*
@gradio/atoms@0.5.0
@gradio/atoms@0.5.1
@gradio/atoms@0.5.2
@gradio/atoms@0.5.3
@gradio/audio@0.*
@gradio/audio@0.8.0
@gradio/audio@0.8.1
@gradio/audio@0.9.0
@gradio/audio@0.9.1
@gradio/audio@0.9.2
@gradio/box@0.*
@gradio/box@0.1.10
@gradio/box@0.1.7
@gradio/box@0.1.8
@gradio/box@0.1.9
@gradio/button@0.*
@gradio/button@0.2.18
@gradio/button@0.2.19
@gradio/button@0.2.20
@gradio/button@0.2.21
@gradio/button@0.2.22
@gradio/cdn-test@0.*
@gradio/cdn-test@0.0.1
@gradio/chatbot@0.*
@gradio/chatbot@0.6.3
@gradio/chatbot@0.6.4
@gradio/chatbot@0.7.0
@gradio/chatbot@0.7.1
@gradio/chatbot@0.7.2
@gradio/checkbox@0.*
@gradio/checkbox@0.2.10
@gradio/checkbox@0.2.7
@gradio/checkbox@0.2.8
@gradio/checkbox@0.2.9
@gradio/checkboxgroup@0.*
@gradio/checkboxgroup@0.4.1
@gradio/checkboxgroup@0.4.2
@gradio/checkboxgroup@0.4.3
@gradio/checkboxgroup@0.4.4
@gradio/client@0.*
@gradio/client@0.11.0
@gradio/client@0.12.0
@gradio/client@0.12.1
@gradio/code@0.*
@gradio/code@0.3.8
@gradio/code@0.4.0
@gradio/code@0.5.0
@gradio/code@0.5.1
@gradio/code@0.5.2
@gradio/colorpicker@0.*
@gradio/colorpicker@0.2.10
@gradio/colorpicker@0.2.7
@gradio/colorpicker@0.2.8
@gradio/colorpicker@0.2.9
@gradio/dataframe@0.*
@gradio/dataframe@0.5.1
@gradio/dataframe@0.6.0
@gradio/dataframe@0.6.1
@gradio/dataframe@0.6.2
@gradio/dataframe@0.6.3
@gradio/dataset@0.*
@gradio/dataset@0.1.18
@gradio/dataset@0.1.19
@gradio/dataset@0.1.20
@gradio/dataset@0.1.21
@gradio/dataset@0.1.22
@gradio/dropdown@0.*
@gradio/dropdown@0.5.1
@gradio/dropdown@0.5.2
@gradio/dropdown@0.6.0
@gradio/dropdown@0.6.1
@gradio/fallback@0.*
@gradio/fallback@0.2.10
@gradio/fallback@0.2.7
@gradio/fallback@0.2.8
@gradio/fallback@0.2.9
@gradio/file@0.*
@gradio/file@0.4.8
@gradio/file@0.4.9
@gradio/file@0.5.0
@gradio/file@0.5.1
@gradio/file@0.5.2
@gradio/fileexplorer@0.*
@gradio/fileexplorer@0.3.19
@gradio/fileexplorer@0.3.20
@gradio/fileexplorer@0.3.21
@gradio/fileexplorer@0.3.22
@gradio/form@0.*
@gradio/form@0.1.10
@gradio/form@0.1.7
@gradio/form@0.1.8
@gradio/form@0.1.9
@gradio/gallery@0.*
@gradio/gallery@0.6.0
@gradio/gallery@0.6.1
@gradio/gallery@0.7.0
@gradio/gallery@0.7.1
@gradio/gallery@0.7.2
@gradio/highlightedtext@0.*
@gradio/highlightedtext@0.4.10
@gradio/highlightedtext@0.4.7
@gradio/highlightedtext@0.4.8
@gradio/highlightedtext@0.4.9
@gradio/html@0.*
@gradio/html@0.1.10
@gradio/html@0.1.7
@gradio/html@0.1.8
@gradio/html@0.1.9
@gradio/icons@0.*
@gradio/icons@0.3.3
@gradio/image@0.*
@gradio/image@0.7.1
@gradio/image@0.8.0
@gradio/image@0.9.0
@gradio/image@0.9.1
@gradio/image@0.9.2
@gradio/imageeditor@0.*
@gradio/imageeditor@0.3.1
@gradio/imageeditor@0.3.2
@gradio/imageeditor@0.4.0
@gradio/imageeditor@0.4.1
@gradio/imageeditor@0.4.2
@gradio/json@0.*
@gradio/json@0.1.10
@gradio/json@0.1.7
@gradio/json@0.1.8
@gradio/json@0.1.9
@gradio/label@0.*
@gradio/label@0.2.10
@gradio/label@0.2.7
@gradio/label@0.2.8
@gradio/label@0.2.9
@gradio/markdown@0.*
@gradio/markdown@0.6.1
@gradio/markdown@0.6.2
@gradio/markdown@0.6.3
@gradio/markdown@0.6.4
@gradio/model3d@0.*
@gradio/model3d@0.5.0
@gradio/model3d@0.6.0
@gradio/model3d@0.7.0
@gradio/model3d@0.8.0
@gradio/model3d@0.8.1
@gradio/number@0.*
@gradio/number@0.3.10
@gradio/number@0.3.7
@gradio/number@0.3.8
@gradio/number@0.3.9
@gradio/paramviewer@0.*
@gradio/paramviewer@0.4.0
@gradio/paramviewer@0.4.1
@gradio/paramviewer@0.4.2
@gradio/paramviewer@0.4.3
@gradio/plot@0.*
@gradio/plot@0.2.7
@gradio/plot@0.3.0
@gradio/plot@0.3.1
@gradio/plot@0.3.2
@gradio/preview@0.*
@gradio/preview@0.7.0
@gradio/radio@0.*
@gradio/radio@0.4.1
@gradio/radio@0.4.2
@gradio/radio@0.4.3
@gradio/radio@0.4.4
@gradio/simpledropdown@0.*
@gradio/simpledropdown@0.1.10
@gradio/simpledropdown@0.1.7
@gradio/simpledropdown@0.1.8
@gradio/simpledropdown@0.1.9
@gradio/simpleimage@0.*
@gradio/simpleimage@0.2.0
@gradio/simpleimage@0.3.0
@gradio/simpleimage@0.3.1
@gradio/simpleimage@0.3.2
@gradio/simpletextbox@0.*
@gradio/simpletextbox@0.1.10
@gradio/simpletextbox@0.1.7
@gradio/simpletextbox@0.1.8
@gradio/simpletextbox@0.1.9
@gradio/slider@0.*
@gradio/slider@0.2.10
@gradio/slider@0.2.7
@gradio/slider@0.2.8
@gradio/slider@0.2.9
@gradio/spaces-test@0.*
@gradio/spaces-test@0.0.1
@gradio/statustracker@0.*
@gradio/statustracker@0.4.4
@gradio/statustracker@0.4.5
@gradio/statustracker@0.4.6
@gradio/statustracker@0.4.7
@gradio/storybook@0.*
@gradio/storybook@0.3.0
@gradio/tabitem@0.*
@gradio/tabitem@0.2.1
@gradio/tabitem@0.2.2
@gradio/tabitem@0.2.3
@gradio/tabs@0.*
@gradio/tabs@0.2.1
@gradio/tabs@0.2.2
@gradio/tabs@0.2.3
@gradio/textbox@0.*
@gradio/textbox@0.4.10
@gradio/textbox@0.4.11
@gradio/textbox@0.4.8
@gradio/textbox@0.4.9
@gradio/tootils@0.*
@gradio/tootils@0.1.8
@gradio/tootils@0.1.9
@gradio/tootils@0.2.0
@gradio/tootils@0.2.1
@gradio/tootils@0.2.2
@gradio/upload@0.*
@gradio/upload@0.7.0
@gradio/upload@0.7.1
@gradio/upload@0.7.2
@gradio/upload@0.7.3
@gradio/upload@0.7.4
@gradio/uploadbutton@0.*
@gradio/uploadbutton@0.4.3
@gradio/uploadbutton@0.4.4
@gradio/uploadbutton@0.4.5
@gradio/uploadbutton@0.4.6
@gradio/uploadbutton@0.4.7
@gradio/utils@0.*
@gradio/utils@0.2.1
@gradio/utils@0.2.2
@gradio/utils@0.3.0
@gradio/video@0.*
@gradio/video@0.5.0
@gradio/video@0.5.1
@gradio/video@0.6.0
@gradio/video@0.6.1
@gradio/video@0.6.2
@gradio/wasm@0.*
@gradio/wasm@0.5.1
@gradio/wasm@0.6.0
gradio@4.*
gradio@4.16.0
gradio@4.17.0
gradio@4.18.0
gradio@4.19.0
gradio@4.19.1
gradio_client@0.*
gradio_client@0.10.0
gradio_client@0.9.0
gradio_test@0.*
gradio_test@0.3.5
gradio_test@0.3.6
gradio_test@0.3.7
website@0.*
website@0.23.0
website@0.23.1
website@0.23.2
website@0.23.3

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-1727.json"