PT-2023-24763 · Gradio · Gradio

Mastomii · Published 2023-06-07 · Updated 2023-06-21 · CVE-2023-34239

CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 3.34.0
Description: Gradio, an open-source Python library for building machine learning and data science applications, has flaws in its path filtering and URL proxying. They allow users to read arbitrary files on machines running shared Gradio apps and to use those machines to proxy arbitrary URLs. Both problems were fixed in version 3.34.0.
Recommendations: For Gradio versions prior to 3.34.0, upgrade to version 3.34.0 or later to resolve the issue. As a temporary workaround, consider taking down any shared Gradio apps until the upgrade is applied.
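As an added illustration of the two issue classes the description names (example code, not Gradio's own; the function names, directories and hosts are constructed for it), the checks below serve a file only when its fully resolved path stays inside an allowed directory, and proxy a URL only when its host is on an explicit allow-list:

```python
"""Defensive checks for file-path containment and URL proxying.

Constructed example: it is not taken from Gradio and the helper names
are hypothetical. It shows what a correct "path filter" must do: resolve
symlinks and '..' segments before comparing against the allowed root.
"""
from pathlib import Path
from urllib.parse import urlparse


def path_is_allowed(requested: str, allowed_dirs: list[str]) -> bool:
    """True only if `requested` resolves to a location inside one of
    `allowed_dirs` once symlinks and '..' segments are collapsed."""
    try:
        target = Path(requested).resolve(strict=False)
    except (OSError, RuntimeError):
        # Unresolvable paths (e.g. symlink loops) are refused, not guessed.
        return False
    for base in allowed_dirs:
        base_path = Path(base).resolve(strict=False)
        # Component-wise comparison: '/srv/app/assets-private' is not a
        # child of '/srv/app/assets', although it shares that prefix.
        if target == base_path or target.is_relative_to(base_path):
            return True
    return False


def url_is_allowed(url: str, allowed_hosts: set[str]) -> bool:
    """True only for http(s) URLs whose host is explicitly allow-listed.

    Rejecting every other scheme keeps a proxy endpoint from being turned
    into a local file reader; the host allow-list keeps it from reaching
    arbitrary destinations on the app's network.
    """
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = parts.hostname  # lower-cased, without port or credentials
    return host is not None and host in {h.lower() for h in allowed_hosts}


if __name__ == "__main__":
    roots = ["/srv/app/assets"]  # constructed allow-list
    print(path_is_allowed("/srv/app/assets/logo.png", roots))               # True
    print(path_is_allowed("/srv/app/assets/../../../etc/passwd", roots))    # False
    print(path_is_allowed("/srv/app/assets-private/key.pem", roots))        # False
    print(url_is_allowed("https://models.example/weights.bin", {"models.example"}))  # True
    print(url_is_allowed("file:///etc/passwd", {"models.example"}))         # False
```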

Exploit · Fix · RCE


Weakness Enumeration

Related Identifiers

CVE-2023-34239
GHSA-3QQG-PGQQ-3695
PYSEC-2023-90

Affected Products

Gradio