{"id":"PYSEC-2023-255","details":"Command Injection in GitHub repository gradio-app/gradio prior to main.","aliases":["CVE-2023-6572","GHSA-gqvf-3hgp-5hxv"],"modified":"2024-02-28T19:26:49.994142Z","published":"2023-12-14T14:15:00Z","references":[{"type":"WEB","url":"https://huntr.com/bounties/21d2ff0c-d43a-4afd-bb4d-049ee8da5b5c"},{"type":"FIX","url":"https://github.com/gradio-app/gradio/commit/5b5af1899dd98d63e1f9b48a93601c2db1f56520"}],"affected":[{"package":{"name":"gradio","ecosystem":"PyPI","purl":"pkg:pypi/gradio"},"ranges":[{"type":"GIT","repo":"https://github.com/gradio-app/gradio","events":[{"introduced":"0"},{"fixed":"5b5af1899dd98d63e1f9b48a93601c2db1f56520"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.0"}]}],"versions":["0.1.0","0.1.1","0.1.2","0.1.3","0.1.4","0.1.5","0.1.6","0.1.7","0.1.8","0.1.9","0.2.0","0.2.1","0.3.0","0.3.1","0.3.2","0.3.3","0.3.4","0.3.5","0.4.0","0.4.1","0.4.2","0.4.4","0.5.0","0.7.0","0.7.1","0.7.2","0.7.3","0.7.4","0.7.5","0.7.6","0.7.7","0.7.8","0.8.0","0.8.1","0.9.0","0.9.1","0.9.2","0.9.3","0.9.4","0.9.5","0.9.6","0.9.7","0.9.8","0.9.9.2","0.9.9.3","0.9.9.5","0.9.9.6","0.9.9.7","0.9.9.8","0.9.9.9","0.9.9.9.2","1.0.0","1.0.0a1","1.0.0a3","1.0.0a4","1.0.1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.1.0","1.1.1","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.1.8","1.1.8.1","1.1.9","1.2.2","1.2.3","1.3.0","1.3.1","1.3.2","1.4.0","1.4.2","1.4.3","1.4.4","1.5.0","1.5.1","1.5.3","1.5.4","1.6.0","1.6.1","1.6.2","1.6.3","1.6.4","1.7.0","1.7.1","1.7.2","1.7.3","1.7.4","1.7.5","1.7.6","1.7.7","2.0.0","2.0.1","2.0.10","2.0.2","2.0.4","2.0.5","2.0.6","2.0.7","2.0.8","2.0.9","2.1.0","2.1.1","2.1.2","2.1.4","2.1.6","2.1.7","2.2.0","2.2.1","2.2.10","2.2.11","2.2.12","2.2.13","2.2.14","2.2.15","2.2.2","2.2.3","2.2.4","2.2.5","2.2.6","2.2.7","2.2.8","2.2.9a0","2.2.9a2","2.3.0","2.3.0a0","2.3.0b101","2.3.0b102","2.3.0b99","2.3.3","2.3.4","2.3.5","2.3.5b0","2.3.6","2.3.7","2.3.7b0","2.3.7b1","2.3.7b2","2.3.8b0","2.3.9","2.4.0","2.4.0a0","2.4.1","2.4.2","2.4.4","2.4.5","2.4.6","2.4.7b0","2.4.7b2","2.4.7b3","2.4.7b4","2.4.7b5","2.4.7b6","2.4.7b7","2.4.7b8","2.4.7b9","2.5.0","2.5.1","2.5.2","2.5.3","2.5.8a0","2.6.0","2.6.1","2.6.1a0","2.6.1b0","2.6.1b3","2.6.2","2.6.3","2.6.4","2.6.4b0","2.6.4b2","2.6.4b3","2.7.0","2.7.0a101","2.7.0a102","2.7.0b70","2.7.5","2.7.5.1","2.7.5.2","2.7.5.2b0","2.8.0","2.8.0a100","2.8.0b0","2.8.0b10","2.8.0b12","2.8.0b2","2.8.0b20","2.8.0b22","2.8.0b3","2.8.0b4","2.8.0b5","2.8.0b6","2.8.1","2.8.10","2.8.11","2.8.12","2.8.13","2.8.14","2.8.2","2.8.3","2.8.4","2.8.5","2.8.6","2.8.7","2.8.8","2.8.9","2.9.0","2.9.0.1","2.9.0b0","2.9.0b1","2.9.0b10","2.9.0b2","2.9.0b3","2.9.0b5","2.9.0b6","2.9.0b7","2.9.0b8","2.9.0b9","2.9.1","2.9.2","2.9.3","2.9.4","2.9b11","2.9b12","2.9b13","2.9b14","2.9b15","2.9b20","2.9b21","2.9b22","2.9b23","2.9b24","2.9b25","2.9b26","2.9b27","2.9b28","2.9b30","2.9b31","2.9b32","2.9b33","2.9b40","2.9b48","2.9b50","3.0","3.0.1","3.0.10","3.0.10b16","3.0.10b2","3.0.11","3.0.11b1","3.0.12","3.0.13","3.0.13b100","3.0.13b13","3.0.13b15","3.0.14","3.0.15","3.0.16","3.0.17","3.0.18","3.0.18b0","3.0.19","3.0.19b0","3.0.19b1","3.0.19b2","3.0.1b120","3.0.1b121","3.0.1b300","3.0.2","3.0.20","3.0.20.dev0","3.0.21","3.0.22","3.0.23","3.0.23.dev1","3.0.24","3.0.25","3.0.26","3.0.3","3.0.4","3.0.5","3.0.6","3.0.6b1","3.0.6b2","3.0.6b3","3.0.7","3.0.8","3.0.8b1","3.0.9","3.0.9b10","3.0.9b11","3.0.9b20","3.0b0","3.0b1","3.0b10","3.0b2","3.0b5","3.0b6","3.0b8","3.0b9","3.1.0","3.1.1","3.1.2","3.1.3","3.1.3a0","3.1.3a2","3.1.3a3","3.1.3a4","3.1.3a5","3.1.4","3.1.4b0","3.1.4b1","3.1.4b2","3.1.4b3","3.1.4b4","3.1.4b5","3.1.5","3.1.5b1","3.1.5b10","3.1.5b2","3.1.5b3","3.1.5b4","3.1.5b5","3.1.5b7","3.1.5b8","3.1.5b9","3.1.6","3.1.6b1","3.1.7","3.1.8b0","3.1.8b2","3.1.8b3","3.1.8b4","3.1.8b6","3.10.0","3.10.1","3.11.0","3.12.0","3.12.0b1","3.12.0b2","3.12.0b3","3.12.0b6","3.12.0b7","3.13.0","3.13.0b1","3.13.1","3.13.1b0","3.13.1b1","3.13.1b2","3.13.2","3.14.0","3.14.0a1","3.15.0","3.16.0","3.16.1","3.16.1b1","3.16.2","3.17.0","3.17.1","3.17.1b1","3.17.1b2","3.18.0","3.18.1b1","3.18.1b2","3.18.1b3","3.18.1b4","3.18.1b5","3.18.1b6","3.18.1b7","3.19.0","3.19.1","3.2","3.2.1b0","3.2.1b1","3.2.1b2","3.20.0","3.20.0b1","3.20.0b2","3.20.1","3.21.0","3.22.0","3.22.1","3.22.1b1","3.23.0","3.23.1b1","3.23.1b2","3.23.1b3","3.24.0","3.24.1","3.25.0","3.25.1b1","3.25.1b2","3.26.0","3.27.0","3.28.0","3.28.1","3.28.2","3.28.3","3.28.4b0","3.29.0","3.3","3.3.1","3.30.0","3.31.0","3.32.0","3.33.0","3.33.1","3.34.0","3.35.0","3.35.1","3.35.2","3.36.0","3.36.1","3.37.0","3.38.0","3.39.0","3.3b0","3.3b1","3.4","3.4.1","3.40.0","3.40.1","3.41.0","3.41.1","3.41.2","3.42.0","3.43.0","3.43.1","3.43.2","3.44.0","3.44.1","3.44.2","3.44.3","3.44.4","3.45.0","3.45.0b0","3.45.0b1","3.45.0b10","3.45.0b11","3.45.0b12","3.45.0b13","3.45.0b2","3.45.0b3","3.45.0b4","3.45.0b5","3.45.0b6","3.45.0b7","3.45.0b8","3.45.0b9","3.45.1","3.45.2","3.46.0","3.46.1","3.47.0","3.47.1","3.48.0","3.49.0","3.4b0","3.4b1","3.4b2","3.4b3","3.4b5","3.5","3.50.0","3.50.1","3.50.2","3.6","3.6.0b1","3.6.0b10","3.6.0b2","3.6.0b3","3.6.0b7","3.7","3.8","3.8.1","3.8.1.dev1","3.8.2","3.8b1","3.8b2","3.9","3.9.1","4.0.0","4.0.0b15","4.0.1","4.0.2","4.1.0","4.1.1","4.1.2","4.10.0","4.11.0","4.12.0","4.13.0","4.2.0","4.3.0","4.4.0","4.4.1","4.5.0","4.7.0","4.7.1","4.8.0","4.9.0","4.9.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/gradio/PYSEC-2023-255.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}]}