google / tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
Apache License 2.0

AI PRP: Request Gradio Arbitrary File Read CVE-2024-1728 #454

Open frkngksl opened 6 months ago

frkngksl commented 6 months ago

Hi, I want to add a plugin for a new Arbitrary File Read vulnerability, CVE-2024-1728, in Gradio.

Vulnerability Detail: Every Gradio instance utilizing the UploadButton component is vulnerable to a local file inclusion vulnerability that gives attackers the ability to read any arbitrary file on the filesystem.

Fixed Version: 4.19.2

Reference: https://huntr.com/bounties/9bb33b71-7995-425d-91cc-2c2a2f2a068a