Gradio · Gradio · CVE-2023-25823
**Name of the Vulnerable Software and Affected Versions**
Gradio versions prior to 3.13.1
**Description**
Gradio is an open-source Python library to build machine learning and data science demos and web applications. When using Gradio's share links by setting `share=True`, a private SSH key is sent to any user that connects to the Gradio machine. This allows a user to access other users' shared Gradio demos, potentially leading to further exploits depending on the level of access or exposure the Gradio app provides.
**Recommendations**
For Gradio versions prior to 3.13.1, update to version 3.19.1 or later, where the FRP solution has been properly tested. Until the upgrade is in place, disable share links by setting `share=False` (or omitting `share=True`) in the app's `launch()` call, and restrict access to any shared Gradio demos to minimize the risk of exploitation.
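One way to audit a codebase against this advisory, as an added example that is not part of the advisory or of Gradio itself: the script below parses Python source with the `ast` module, flags every `launch(...)` call that passes `share=True` (and marks non-literal `share=` arguments for manual review), and compares an installed Gradio version string against both the affected range and the recommended fix. The `launch(share=...)` call pattern is assumed to be the usual one; the sample source and version strings are constructed for the example.

```python
"""Audit Python sources and a Gradio version string for CVE-2023-25823 exposure.

Added example; not the advisory's or the Gradio project's own code.
Assumes apps expose share links through the usual `demo.launch(share=...)` call.
"""
import ast
from dataclasses import dataclass

AFFECTED_BELOW = (3, 13, 1)   # versions prior to 3.13.1 are affected
RECOMMENDED = (3, 19, 1)      # advisory recommends upgrading to 3.19.1 or later


@dataclass
class Finding:
    lineno: int
    reason: str


def parse_version(version: str) -> tuple:
    """Turn '3.13.1' into (3, 13, 1); non-numeric suffixes are ignored, missing parts padded with 0."""
    parts = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected(installed: str) -> bool:
    """True when the installed Gradio falls in the affected range (< 3.13.1)."""
    return parse_version(installed) < AFFECTED_BELOW


def meets_recommendation(installed: str) -> bool:
    """True when the installed Gradio is at or above the advisory's recommended 3.19.1."""
    return parse_version(installed) >= RECOMMENDED


def find_share_links(source: str) -> list:
    """Return a Finding for each launch(...) call whose share= argument is True or not a literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if name != "launch":
            continue
        for kw in node.keywords:
            if kw.arg != "share":
                continue
            literal = isinstance(kw.value, ast.Constant)
            if literal and kw.value.value is True:
                findings.append(Finding(node.lineno, "launch(share=True): share link enabled"))
            elif not (literal and kw.value.value is False):
                findings.append(Finding(node.lineno, "launch(share=<non-literal>): verify at runtime"))
    return findings


# Constructed sample source for the example; line numbers count from the leading newline.
SAMPLE_SOURCE = '''
import gradio as gr
demo = gr.Interface(fn=lambda x: x, inputs="text", outputs="text")
demo.launch(share=True)          # line 4: share link enabled
other = gr.Interface(fn=lambda x: x, inputs="text", outputs="text")
other.launch(share=False)        # line 6: share link disabled
third.launch(share=SHARE_FLAG)   # line 7: decided at runtime, needs review
'''


def audit(source: str, installed_version: str) -> dict:
    """Combine the version check and the source scan into one report."""
    return {
        "affected_version": is_affected(installed_version),
        "meets_recommendation": meets_recommendation(installed_version),
        "findings": find_share_links(source),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_SOURCE, "3.13.0")  # constructed version string
    print("affected version:", report["affected_version"])
    print("meets recommendation:", report["meets_recommendation"])
    for f in report["findings"]:
        print(f"line {f.lineno}: {f.reason}")
```

Run it against real files by passing `open(path).read()` in place of `SAMPLE_SOURCE` and `gradio.__version__` in place of the constructed version string; non-literal `share=` arguments are reported rather than silently passed so that environment-driven toggles get a manual look.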