{"id":"CVE-2023-6572","details":"Command Injection in GitHub repository gradio-app/gradio prior to main.","aliases":["GHSA-gqvf-3hgp-5hxv","PYSEC-2023-255"],"modified":"2026-03-20T12:33:51.726199Z","published":"2023-12-14T14:15:46.013Z","references":[{"type":"FIX","url":"https://github.com/gradio-app/gradio/commit/5b5af1899dd98d63e1f9b48a93601c2db1f56520"},{"type":"FIX","url":"https://huntr.com/bounties/21d2ff0c-d43a-4afd-bb4d-049ee8da5b5c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gradio-app/gradio","events":[{"introduced":"0"},{"fixed":"8f69f9ef50d4114f578924fef8bca4cf07b511e4"},{"fixed":"5b5af1899dd98d63e1f9b48a93601c2db1f56520"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.14.0"}]}}],"versions":["@gradio/atoms@0.2.0","@gradio/atoms@0.2.0-beta.6","@gradio/atoms@0.2.1","@gradio/atoms@0.2.2","@gradio/atoms@0.3.0","@gradio/atoms@0.3.1","@gradio/atoms@0.4.0","@gradio/atoms@0.4.1","@gradio/audio@0.4.0","@gradio/audio@0.4.0-beta.9","@gradio/audio@0.4.1","@gradio/audio@0.4.2","@gradio/audio@0.4.3","@gradio/audio@0.5.0","@gradio/audio@0.5.1","@gradio/audio@0.5.2","@gradio/audio@0.5.3","@gradio/audio@0.5.4","@gradio/audio@0.5.5","@gradio/audio@0.6.0","@gradio/audio@0.6.1","@gradio/audio@0.6.2","@gradio/audio@0.6.3","@gradio/audio@0.6.4","@gradio/audio@0.7.0","@gradio/box@0.1.0","@gradio/box@0.1.0-beta.7","@gradio/box@0.1.1","@gradio/box@0.1.2","@gradio/box@0.1.3","@gradio/box@0.1.4","@gradio/box@0.1.5","@gradio/box@0.1.6","@gradio/button@0.2.0","@gradio/button@0.2.0-beta.7","@gradio/button@0.2.1","@gradio/button@0.2.10","@gradio/button@0.2.11","@gradio/button@0.2.12","@gradio/button@0.2.13","@gradio/button@0.2.14","@gradio/button@0.2.15","@gradio/button@0.2.2","@gradio/button@0.2.3","@gradio/button@0.2.4","@gradio/button@0.2.5","@gradio/button@0.2.6","@gradio/button@0.2.7","@gradio/button@0.2.8","@gradio/button@0.2.9","@gradio/chatbot@0.4.0","@gradio/chatbot@0.4.0-beta.9","@gradio/chatbot@0.4.1","@gradio/chatbot@0.4.2","@gradio/chatbot@0.4.3","@gradio/chatbot@0.4.4","@gradio/chatbot@0.4.5","@gradio/chatbot@0.4.6","@gradio/chatbot@0.4.7","@gradio/chatbot@0.4.8","@gradio/chatbot@0.5.0","@gradio/chatbot@0.5.1","@gradio/chatbot@0.5.2","@gradio/chatbot@0.5.3","@gradio/chatbot@0.5.4","@gradio/chatbot@0.5.5","@gradio/chatbot@0.5.6","@gradio/chatbot@0.6.0","@gradio/checkbox@0.2.0","@gradio/checkbox@0.2.0-beta.8","@gradio/checkbox@0.2.1","@gradio/checkbox@0.2.2","@gradio/checkbox@0.2.3","@gradio/checkbox@0.2.4","@gradio/checkbox@0.2.5","@gradio/checkbox@0.2.6","@gradio/checkboxgroup@0.3.0","@gradio/checkboxgroup@0.3.0-beta.8","@gradio/checkboxgroup@0.3.1","@gradio/checkboxgroup@0.3.2","@gradio/checkboxgroup@0.3.3","@gradio/checkboxgroup@0.3.4","@gradio/checkboxgroup@0.3.5","@gradio/checkboxgroup@0.3.6","@gradio/checkboxgroup@0.3.7","@gradio/checkboxgroup@0.3.8","@gradio/client@0.10.0","@gradio/client@0.2.1","@gradio/client@0.3.0","@gradio/client@0.3.1","@gradio/client@0.4.0","@gradio/client@0.4.1","@gradio/client@0.4.2","@gradio/client@0.5.0","@gradio/client@0.5.1","@gradio/client@0.5.2","@gradio/client@0.6.0","@gradio/client@0.7.0","@gradio/client@0.7.0-beta.1","@gradio/client@0.7.1","@gradio/client@0.7.2","@gradio/client@0.8.0","@gradio/client@0.8.1","@gradio/client@0.8.2","@gradio/client@0.9.0","@gradio/client@0.9.1","@gradio/client@0.9.2","@gradio/client@0.9.3","@gradio/client@0.9.4","@gradio/code@0.2.0","@gradio/code@0.2.0-beta.8","@gradio/code@0.2.1","@gradio/code@0.2.2","@gradio/code@0.2.3","@gradio/code@0.2.4","@gradio/code@0.2.5","@gradio/code@0.2.6","@gradio/code@0.2.7","@gradio/code@0.2.8","@gradio/code@0.2.9","@gradio/code@0.3.0","@gradio/code@0.3.1","@gradio/code@0.3.2","@gradio/code@0.3.3","@gradio/code@0.3.4","@gradio/code@0.3.5","@gradio/colorpicker@0.2.0","@gradio/colorpicker@0.2.0-beta.8","@gradio/colorpicker@0.2.1","@gradio/colorpicker@0.2.2","@gradio/colorpicker@0.2.3","@gradio/colorpicker@0.2.4","@gradio/colorpicker@0.2.5","@gradio/colorpicker@0.2.6","@gradio/column@0.1.0","@gradio/column@0.1.0-beta.3","@gradio/dataframe@0.3.0","@gradio/dataframe@0.3.0-beta.8","@gradio/dataframe@0.3.1","@gradio/dataframe@0.3.10","@gradio/dataframe@0.3.11","@gradio/dataframe@0.3.2","@gradio/dataframe@0.3.3","@gradio/dataframe@0.3.4","@gradio/dataframe@0.3.5","@gradio/dataframe@0.3.6","@gradio/dataframe@0.3.7","@gradio/dataframe@0.3.8","@gradio/dataframe@0.3.9","@gradio/dataframe@0.4.0","@gradio/dataframe@0.4.1","@gradio/dataframe@0.4.2","@gradio/dataframe@0.4.3","@gradio/dataframe@0.4.4","@gradio/dataframe@0.4.5","@gradio/dataset@0.1.0","@gradio/dataset@0.1.0-beta.2","@gradio/dataset@0.1.1","@gradio/dataset@0.1.10","@gradio/dataset@0.1.11","@gradio/dataset@0.1.12","@gradio/dataset@0.1.13","@gradio/dataset@0.1.14","@gradio/dataset@0.1.15","@gradio/dataset@0.1.2","@gradio/dataset@0.1.3","@gradio/dataset@0.1.4","@gradio/dataset@0.1.5","@gradio/dataset@0.1.6","@gradio/dataset@0.1.7","@gradio/dataset@0.1.8","@gradio/dataset@0.1.9","@gradio/dropdown@0.3.0","@gradio/dropdown@0.3.0-beta.8","@gradio/dropdown@0.3.1","@gradio/dropdown@0.3.2","@gradio/dropdown@0.3.3","@gradio/dropdown@0.4.0","@gradio/dropdown@0.4.1","@gradio/dropdown@0.4.2","@gradio/dropdown@0.4.3","@gradio/fallback@0.2.0","@gradio/fallback@0.2.0-beta.8","@gradio/fallback@0.2.1","@gradio/fallback@0.2.2","@gradio/fallback@0.2.3","@gradio/fallback@0.2.4","@gradio/fallback@0.2.5","@gradio/fallback@0.2.6","@gradio/file@0.2.0","@gradio/file@0.2.0-beta.8","@gradio/file@0.2.1","@gradio/file@0.2.2","@gradio/file@0.2.3","@gradio/file@0.2.4","@gradio/file@0.2.5","@gradio/file@0.2.6","@gradio/file@0.2.7","@gradio/file@0.3.0","@gradio/file@0.3.1","@gradio/file@0.4.0","@gradio/file@0.4.1","@gradio/file@0.4.2","@gradio/file@0.4.3","@gradio/file@0.4.4","@gradio/file@0.4.5","@gradio/form@0.1.0","@gradio/form@0.1.0-beta.7","@gradio/form@0.1.1","@gradio/form@0.1.2","@gradio/form@0.1.3","@gradio/form@0.1.4","@gradio/form@0.1.5","@gradio/form@0.1.6","@gradio/gallery@0.4.0","@gradio/gallery@0.4.0-beta.9","@gradio/gallery@0.4.1","@gradio/gallery@0.4.10","@gradio/gallery@0.4.11","@gradio/gallery@0.4.12","@gradio/gallery@0.4.13","@gradio/gallery@0.4.14","@gradio/gallery@0.4.15","@gradio/gallery@0.4.16","@gradio/gallery@0.4.2","@gradio/gallery@0.4.3","@gradio/gallery@0.4.4","@gradio/gallery@0.4.5","@gradio/gallery@0.4.6","@gradio/gallery@0.4.7","@gradio/gallery@0.4.8","@gradio/gallery@0.4.9","@gradio/group@0.1.0","@gradio/group@0.1.0-beta.2","@gradio/highlightedtext@0.4.0","@gradio/highlightedtext@0.4.0-beta.8","@gradio/highlightedtext@0.4.1","@gradio/highlightedtext@0.4.2","@gradio/highlightedtext@0.4.3","@gradio/highlightedtext@0.4.4","@gradio/highlightedtext@0.4.5","@gradio/highlightedtext@0.4.6","@gradio/html@0.1.0","@gradio/html@0.1.0-beta.8","@gradio/html@0.1.1","@gradio/html@0.1.2","@gradio/html@0.1.3","@gradio/html@0.1.4","@gradio/html@0.1.5","@gradio/html@0.1.6","@gradio/icons@0.2.0","@gradio/icons@0.2.0-beta.3","@gradio/icons@0.2.1","@gradio/icons@0.3.0","@gradio/icons@0.3.1","@gradio/icons@0.3.2","@gradio/image@0.3.0","@gradio/image@0.3.0-beta.9","@gradio/image@0.3.1","@gradio/image@0.3.2","@gradio/image@0.3.3","@gradio/image@0.3.4","@gradio/image@0.3.5","@gradio/image@0.3.6","@gradio/image@0.4.0","@gradio/image@0.4.1","@gradio/image@0.4.2","@gradio/image@0.5.0","@gradio/image@0.5.1","@gradio/image@0.5.2","@gradio/image@0.5.3","@gradio/image@0.5.4","@gradio/image@0.6.0","@gradio/imageeditor@0.0.1","@gradio/imageeditor@0.1.0","@gradio/imageeditor@0.1.1","@gradio/imageeditor@0.1.2","@gradio/imageeditor@0.1.3","@gradio/imageeditor@0.1.4","@gradio/imageeditor@0.1.5","@gradio/imageeditor@0.2.0","@gradio/imageeditor@0.2.1","@gradio/imageeditor@0.2.2","@gradio/json@0.1.0","@gradio/json@0.1.0-beta.8","@gradio/json@0.1.1","@gradio/json@0.1.2","@gradio/json@0.1.3","@gradio/json@0.1.4","@gradio/json@0.1.5","@gradio/json@0.1.6","@gradio/label@0.2.0","@gradio/label@0.2.0-beta.8","@gradio/label@0.2.1","@gradio/label@0.2.2","@gradio/label@0.2.3","@gradio/label@0.2.4","@gradio/label@0.2.5","@gradio/label@0.2.6","@gradio/lite@0.3.1","@gradio/lite@0.3.2","@gradio/lite@0.4.0","@gradio/lite@0.4.1","@gradio/lite@0.4.2","@gradio/lite@0.4.3","@gradio/markdown@0.3.0","@gradio/markdown@0.3.0-beta.8","@gradio/markdown@0.3.1","@gradio/markdown@0.3.2","@gradio/markdown@0.3.3","@gradio/markdown@0.3.4","@gradio/markdown@0.4.0","@gradio/markdown@0.4.1","@gradio/markdown@0.5.0","@gradio/markdown@0.6.0","@gradio/model3d@0.3.0","@gradio/model3d@0.3.0-beta.8","@gradio/model3d@0.3.1","@gradio/model3d@0.4.0","@gradio/model3d@0.4.1","@gradio/model3d@0.4.10","@gradio/model3d@0.4.11","@gradio/model3d@0.4.12","@gradio/model3d@0.4.13","@gradio/model3d@0.4.2","@gradio/model3d@0.4.3","@gradio/model3d@0.4.4","@gradio/model3d@0.4.5","@gradio/model3d@0.4.6","@gradio/model3d@0.4.7","@gradio/model3d@0.4.8","@gradio/model3d@0.4.9","@gradio/number@0.3.0","@gradio/number@0.3.0-beta.8","@gradio/number@0.3.1","@gradio/number@0.3.2","@gradio/number@0.3.3","@gradio/number@0.3.4","@gradio/number@0.3.5","@gradio/number@0.3.6","@gradio/plot@0.2.0","@gradio/plot@0.2.0-beta.8","@gradio/plot@0.2.1","@gradio/plot@0.2.2","@gradio/plot@0.2.3","@gradio/plot@0.2.4","@gradio/plot@0.2.5","@gradio/plot@0.2.6","@gradio/preview@0.1.0","@gradio/preview@0.1.0-beta.8","@gradio/preview@0.1.1","@gradio/preview@0.2.0","@gradio/preview@0.2.1","@gradio/preview@0.2.2","@gradio/preview@0.3.0","@gradio/preview@0.4.0","@gradio/preview@0.5.0","@gradio/preview@0.6.0","@gradio/radio@0.3.0","@gradio/radio@0.3.0-beta.8","@gradio/radio@0.3.1","@gradio/radio@0.3.2","@gradio/radio@0.3.3","@gradio/radio@0.3.4","@gradio/radio@0.3.5","@gradio/radio@0.3.6","@gradio/radio@0.3.7","@gradio/row@0.1.0","@gradio/row@0.1.0-beta.2","@gradio/row@0.1.1","@gradio/simpledropdown@0.1.0","@gradio/simpledropdown@0.1.0-beta.3","@gradio/simpledropdown@0.1.1","@gradio/simpledropdown@0.1.2","@gradio/simpledropdown@0.1.3","@gradio/simpledropdown@0.1.4","@gradio/simpledropdown@0.1.5","@gradio/simpledropdown@0.1.6","@gradio/simpletextbox@0.1.0","@gradio/simpletextbox@0.1.0-beta.2","@gradio/simpletextbox@0.1.1","@gradio/simpletextbox@0.1.2","@gradio/simpletextbox@0.1.3","@gradio/simpletextbox@0.1.4","@gradio/simpletextbox@0.1.5","@gradio/simpletextbox@0.1.6","@gradio/slider@0.2.0","@gradio/slider@0.2.0-beta.8","@gradio/slider@0.2.1","@gradio/slider@0.2.2","@gradio/slider@0.2.3","@gradio/slider@0.2.4","@gradio/slider@0.2.5","@gradio/slider@0.2.6","@gradio/state@0.1.0","@gradio/state@0.1.0-beta.2","@gradio/statustracker@0.3.0","@gradio/statustracker@0.3.0-beta.8","@gradio/statustracker@0.3.1","@gradio/statustracker@0.3.2","@gradio/statustracker@0.4.0","@gradio/statustracker@0.4.1","@gradio/statustracker@0.4.2","@gradio/statustracker@0.4.3","@gradio/tabitem@0.1.0","@gradio/tabitem@0.1.0-beta.8","@gradio/tabs@0.1.0","@gradio/tabs@0.1.0-beta.8","@gradio/textbox@0.4.0","@gradio/textbox@0.4.0-beta.8","@gradio/textbox@0.4.1","@gradio/textbox@0.4.2","@gradio/textbox@0.4.3","@gradio/textbox@0.4.4","@gradio/textbox@0.4.5","@gradio/textbox@0.4.6","@gradio/textbox@0.4.7","@gradio/theme@0.2.0","@gradio/theme@0.2.0-beta.2","@gradio/tooltip@0.1.0","@gradio/tooltip@0.1.0-beta.2","@gradio/tootils@0.1.0","@gradio/tootils@0.1.0-beta.7","@gradio/tootils@0.1.1","@gradio/tootils@0.1.2","@gradio/tootils@0.1.3","@gradio/tootils@0.1.4","@gradio/tootils@0.1.5","@gradio/tootils@0.1.6","@gradio/tootils@0.1.7","@gradio/upload@0.3.0","@gradio/upload@0.3.0-beta.6","@gradio/upload@0.3.1","@gradio/upload@0.3.2","@gradio/upload@0.3.3","@gradio/upload@0.4.0","@gradio/upload@0.4.1","@gradio/upload@0.4.2","@gradio/upload@0.5.0","@gradio/upload@0.5.1","@gradio/upload@0.5.2","@gradio/upload@0.5.3","@gradio/upload@0.5.4","@gradio/upload@0.5.5","@gradio/upload@0.5.6","@gradio/upload@0.5.7","@gradio/upload@0.5.8","@gradio/uploadbutton@0.1.0","@gradio/uploadbutton@0.1.0-beta.7","@gradio/uploadbutton@0.1.1","@gradio/uploadbutton@0.1.2","@gradio/uploadbutton@0.1.3","@gradio/uploadbutton@0.1.4","@gradio/uploadbutton@0.1.5","@gradio/uploadbutton@0.2.0","@gradio/uploadbutton@0.2.1","@gradio/uploadbutton@0.2.2","@gradio/uploadbutton@0.3.0","@gradio/uploadbutton@0.3.1","@gradio/uploadbutton@0.3.2","@gradio/uploadbutton@0.3.3","@gradio/uploadbutton@0.3.4","@gradio/uploadbutton@0.3.5","@gradio/uploadbutton@0.4.0","@gradio/utils@0.2.0","@gradio/utils@0.2.0-beta.6","@gradio/video@0.1.0","@gradio/video@0.1.0-beta.9","@gradio/video@0.1.1","@gradio/video@0.1.2","@gradio/video@0.1.3","@gradio/video@0.1.4","@gradio/video@0.1.5","@gradio/video@0.1.6","@gradio/video@0.1.7","@gradio/video@0.1.8","@gradio/video@0.1.9","@gradio/video@0.2.0","@gradio/video@0.2.1","@gradio/video@0.2.2","@gradio/video@0.2.3","@gradio/video@0.2.4","@gradio/video@0.3.0","@gradio/wasm@0.2.0","@gradio/wasm@0.2.0-beta.2","@gradio/wasm@0.3.0","@gradio/wasm@0.4.0","@gradio/wasm@0.4.1","gradio@3.41.0","gradio@3.41.1","gradio@3.41.2","gradio@3.42.0","gradio@3.43.0","gradio@3.43.1","gradio@3.43.2","gradio@3.44.0","gradio@3.44.1","gradio@3.44.2","gradio@3.44.3","gradio@3.44.4","gradio@3.45.0","gradio@3.45.1","gradio@3.45.2","gradio@3.46.0","gradio@3.46.1","gradio@3.47.0","gradio@3.47.1","gradio@3.48.0","gradio@3.49.0","gradio@3.50.0","gradio@3.50.1","gradio@3.50.2","gradio@4.0.0","gradio@4.0.0-beta.15","gradio@4.0.1","gradio@4.0.2","gradio@4.1.0","gradio@4.1.1","gradio@4.1.2","gradio@4.10.0","gradio@4.11.0","gradio@4.12.0","gradio@4.13.0","gradio@4.2.0","gradio@4.3.0","gradio@4.4.0","gradio@4.4.1","gradio@4.5.0","gradio@4.6.0","gradio@4.7.0","gradio@4.8.0","gradio@4.9.0","gradio@4.9.1","gradio_client@0.5.0","gradio_client@0.5.1","gradio_client@0.5.2","gradio_client@0.5.3","gradio_client@0.6.0","gradio_client@0.6.1","gradio_client@0.7.0","gradio_client@0.7.0-beta.2","gradio_client@0.7.1","gradio_client@0.7.2","gradio_client@0.7.3","gradio_client@0.8.0","v2.3.6","v2.4.0","v2.6.0","v2.7.1","v2.7.5","v2.8.1","v2.9.0","v3.0","v3.0.1b120","v3.0.1b121","v3.0.1b123","v3.0.1b150","v3.0.1b300","v3.0.25","v3.0.26","v3.1.0","v3.1.1","v3.1.3","v3.1.3a","v3.1.3a2","v3.1.3a3","v3.1.4","v3.1.4b","v3.1.4b1","v3.1.4b2","v3.1.4b3","v3.1.5","v3.1.6","v3.1.7","v3.1.8b","v3.10.0","v3.10.1","v3.11.0","v3.12.0","v3.12.0b1","v3.12.0b2","v3.12.0b3","v3.12.0b6","v3.12.0b7","v3.13.0","v3.13.0b1","v3.13.1","v3.13.1b0","v3.13.1b1","v3.13.1b2","v3.13.2","v3.14.0","v3.14.0a1","v3.15.0","v3.16.0","v3.16.1","v3.16.1b1","v3.16.2","v3.17.0","v3.17.1","v3.17.1b1","v3.17.1b2","v3.18.0","v3.18.1b1","v3.18.1b2","v3.18.1b3","v3.18.1b4","v3.18.1b5","v3.18.1b6","v3.18.1b7","v3.19.0","v3.19.1","v3.2","v3.2.1b0","v3.2.1b1","v3.2.1b2","v3.20.0","v3.20.0b2","v3.20.1","v3.21.0","v3.22.0","v3.22.1","v3.22.1b1","v3.23.0","v3.23.1b1","v3.23.1b2","v3.23.1b3","v3.24.0","v3.24.1","v3.25.0","v3.25.1b1","v3.25.1b2","v3.26.0","v3.27.0","v3.28.0","v3.28.1","v3.28.2","v3.28.3","v3.28.4b0","v3.29.0","v3.3","v3.3.1","v3.3.b0","v3.30.0","v3.31.0","v3.32.0","v3.33.0","v3.33.1","v3.34.0","v3.35.0","v3.35.1","v3.35.2","v3.36.0","v3.36.1","v3.37.0","v3.38.0","v3.39.0","v3.3b1","v3.4","v3.4.1","v3.40.0","v3.40.1","v3.41.0","v3.4b0","v3.4b1","v3.4b2","v3.4b3","v3.4b5","v3.5","v3.6","v3.6.0b1","v3.6.0b10","v3.6.0b2","v3.6.0b3","v3.6.0b7","v3.7","v3.8","v3.8.1","v3.8.1dev1","v3.8.2","v3.8b1","v3.8b2","v3.9","v3.9.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-6572.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}]}