Kmulka-Bloomberg

**Name of the Vulnerable Software and Affected Versions** Gradio version 4.36.1 **Description** A code injection issue was discovered in Gradio via the component /gradio/component meta.py. This issue is triggered by a crafted input. Note that the supplier disputes this report as it involves a user attacking themselves. **Recommendations** For Gradio version 4.36.1, consider disabling the component /gradio/component meta.py as a temporary workaround until a patch is available. Restrict access to this component to minimize the risk of exploitation. Avoid using crafted inputs that could trigger this issue until it is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.