PT-2024-40012 · Gradio · Gradio

Published: 2024-10-10 · Updated: 2024-10-10

CVSS v4.0: 2.7 (Low)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 5.0
Description: This issue is a data validation problem in the pre-processing step of the Gradio Dropdown component. It allows attackers to bypass input constraints by sending custom requests with arbitrary values, even when the allow_custom_value parameter is set to False. On its own the impact is limited, but it can lead to more serious security issues when combined with other vulnerabilities.
Recommendations: For versions prior to 5.0, upgrade to the latest version to resolve the problem. As a temporary workaround, add manual validation to the prediction function that checks the received value against the allowed dropdown choices before processing it.
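The workaround above, written out as an added example (not code from the advisory or from the Gradio project): a prediction function re-checks the Dropdown value against the server-side choice list instead of trusting the component's pre-processing. The region names, the predict function and the InvalidChoice/is_allowed helpers are assumptions; gradio itself is not imported so the check runs stand-alone.

```python
# Added example: defence-in-depth validation for a Gradio Dropdown input,
# as suggested in the advisory's temporary workaround. The app, its choices
# and the function names below are hypothetical.
from typing import Iterable

REGIONS = ("eu-west", "us-east", "ap-south")  # constructed allowed choices


class InvalidChoice(ValueError):
    """Raised when a request carries a value the Dropdown does not offer."""


def validate_choice(value, choices: Iterable[str], multiselect: bool = False):
    """Return the validated selection or raise InvalidChoice.

    The Dropdown pre-processing step cannot be relied on to enforce
    allow_custom_value=False in affected versions, so the prediction
    function re-validates against the server-side list of choices.
    """
    allowed = set(choices)
    if multiselect:
        # A multiselect Dropdown delivers a list; every element must be allowed.
        if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
            raise InvalidChoice("multiselect value must be a list of strings")
        bad = [v for v in value if v not in allowed]
        if bad:
            raise InvalidChoice(f"unexpected dropdown value(s): {bad!r}")
        return value
    # Single-select: exactly one string, taken verbatim from the choice list.
    if not isinstance(value, str) or value not in allowed:
        raise InvalidChoice(f"unexpected dropdown value: {value!r}")
    return value


def is_allowed(value, choices: Iterable[str], multiselect: bool = False) -> bool:
    """Boolean form of validate_choice, handy for logging or tests."""
    try:
        validate_choice(value, choices, multiselect)
        return True
    except InvalidChoice:
        return False


def predict(region):
    """Hypothetical prediction function wired to a gr.Dropdown(choices=REGIONS)."""
    region = validate_choice(region, REGIONS)  # rejects custom values first
    # Only now is `region` safe to use in a path, query or downstream call.
    return f"deploying to {region}"
```

A rejected value raises before any downstream logic runs, so a request that bypasses the component's own constraint still fails at the prediction function.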

Fix

Related Identifiers

GHSA-26JH-R8G2-6FPR

Affected Products

Gradio