gradio-3.4b2-py3-none-any.whl: 29 vulnerabilities (highest severity is: 9.8) #79

mend-bolt-for-github bot opened this issue Feb 25, 2023 · 9 comments

mend-bolt-for-github bot commented Feb 25, 2023

Vulnerable Library - gradio-3.4b2-py3-none-any.whl

Python library for easily interacting with trained machine learning models

Library home page: https://files.pythonhosted.org/packages/72/63/197bb7a284a2eebeb7b978107c47e8d63abf4152a38326034e3a435f9d7e/gradio-3.4b2-py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Found in HEAD commit: 8007902a6bde49bdad6e8694dfa82feb12e3f45c

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (gradio version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2024-47167 | Critical | 9.8 | gradio-3.4b2-py3-none-any.whl | Direct | 5.0.0 | |
| CVE-2024-0964 | Critical | 9.4 | gradio-3.4b2-py3-none-any.whl | Direct | 4.9.0 | |
| CVE-2024-47871 | Critical | 9.1 | gradio-3.4b2-py3-none-any.whl | Direct | 5.0.0 | |
| CVE-2024-4325 | High | 8.6 | gradio-3.4b2-py3-none-any.whl | Direct | 4.23.0 | |
| CVE-2024-1540 | High | 8.6 | gradio-3.4b2-py3-none-any.whl | Direct | 4.18.0 | |
| CVE-2024-47084 | High | 8.3 | gradio-3.4b2-py3-none-any.whl | Direct | 4.44.0 | |
| CVE-2024-47870 | High | 8.1 | gradio-3.4b2-py3-none-any.whl | Direct | 5.0.0 | |
| CVE-2025-23042 | High | 7.5 | gradio-3.4b2-py3-none-any.whl | Direct | 5.11.0 | |
| CVE-2024-4941 | High | 7.5 | gradio-3.4b2-py3-none-any.whl | Direct | 4.23.0 | |
| CVE-2024-47868 | High | 7.5 | gradio-3.4b2-py3-none-any.whl | Direct | 5.0.0 | |
| CVE-2024-47867 | High | 7.5 | gradio-3.4b2-py3-none-any.whl | Direct | 5.0.0 | |
| CVE-2024-34510 | High | 7.5 | gradio-3.4b2-py3-none-any.whl | Direct | 4.20.0 | |
| CVE-2024-1728 | High | 7.5 | gradio-3.4b2-py3-none-any.whl | Direct | 4.19.2 | |
| CVE-2024-1561 | High | 7.5 | gradio-3.4b2-py3-none-any.whl | Direct | 4.13.0 | |
| CVE-2024-2206 | High | 7.3 | gradio-3.4b2-py3-none-any.whl | Direct | 4.18.0 | |
| CVE-2023-34239 | High | 7.3 | gradio-3.4b2-py3-none-any.whl | Direct | 3.33.0 | |
| CVE-2024-48052 | Medium | 6.5 | gradio-3.4b2-py3-none-any.whl | Direct | 4.43.0 | |
| CVE-2024-47164 | Medium | 6.5 | gradio-3.4b2-py3-none-any.whl | Direct | 5.0.0 | |
| CVE-2024-1183 | Medium | 6.5 | gradio-3.4b2-py3-none-any.whl | Direct | 4.11.0 | |
| CVE-2024-1729 | Medium | 5.9 | gradio-3.4b2-py3-none-any.whl | Direct | 4.19.2 | |
| CVE-2023-51449 | Medium | 5.6 | gradio-3.4b2-py3-none-any.whl | Direct | 4.11.0 | |
| CVE-2024-4940 | Medium | 5.4 | gradio-3.4b2-py3-none-any.whl | Direct | N/A | |
| CVE-2024-47872 | Medium | 5.4 | gradio-3.4b2-py3-none-any.whl | Direct | 5.0.0 | |
| CVE-2024-47165 | Medium | 5.4 | gradio-3.4b2-py3-none-any.whl | Direct | 5.0.0 | |
| CVE-2023-25823 | Medium | 5.4 | gradio-3.4b2-py3-none-any.whl | Direct | 3.13.1 | |
| CVE-2024-47166 | Medium | 5.3 | gradio-3.4b2-py3-none-any.whl | Direct | 4.44.0 | |
| CVE-2024-47168 | Medium | 4.3 | gradio-3.4b2-py3-none-any.whl | Direct | 4.44.0 | |
| CVE-2024-1727 | Medium | 4.3 | gradio-3.4b2-py3-none-any.whl | Direct | 4.19.2 | |
| CVE-2024-47869 | Low | 3.7 | gradio-3.4b2-py3-none-any.whl | Direct | 4.44.0 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

Partial details (20 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.

CVE-2024-47167

Vulnerable Library - gradio-3.4b2-py3-none-any.whl

Python library for easily interacting with trained machine learning models

Library home page: https://files.pythonhosted.org/packages/72/63/197bb7a284a2eebeb7b978107c47e8d63abf4152a38326034e3a435f9d7e/gradio-3.4b2-py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

  • gradio-3.4b2-py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 8007902a6bde49bdad6e8694dfa82feb12e3f45c

Found in base branch: main

Vulnerability Details

Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to Server-Side Request Forgery (SSRF) in the /queue/join endpoint. Gradio's async_save_url_to_cache function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This could enable attackers to target internal servers or services within a local network and possibly exfiltrate data or cause unwanted internal requests. Additionally, the content from these URLs is stored locally, making it easier for attackers to upload potentially malicious files to the server. This impacts users deploying Gradio servers that use components like the Video component which involve URL fetching. Users are advised to upgrade to gradio>=5 to address this issue. As a workaround, users can disable or heavily restrict URL-based inputs in their Gradio applications to trusted domains only. Additionally, implementing stricter URL validation (such as allowlist-based validation) and ensuring that local or internal network addresses cannot be requested via the /queue/join endpoint can help mitigate the risk of SSRF attacks.

Publish Date: 2024-10-10

URL: CVE-2024-47167

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-576c-3j53-r9jj

Release Date: 2024-10-10

Fix Resolution: 5.0.0

Step up your Open Source Security Game with Mend here

CVE-2024-0964

Vulnerability Details

A local file inclusion could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.

Publish Date: 2024-02-05

URL: CVE-2024-0964

CVSS 3 Score Details (9.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: Low

Suggested Fix

Type: Upgrade version

Release Date: 2024-02-05

Fix Resolution: 4.9.0

CVE-2024-47871

Vulnerability Details

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves insecure communication between the FRP (Fast Reverse Proxy) client and server when Gradio's share=True option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and read files uploaded to the Gradio server, as well as modify responses or data sent between the client and server. This impacts users who are sharing Gradio demos publicly over the internet using share=True without proper encryption, exposing sensitive data to potential eavesdroppers. Users are advised to upgrade to gradio>=5 to address this issue. As a workaround, users can avoid using share=True in production environments and instead host their Gradio applications on servers with HTTPS enabled to ensure secure communication.

Publish Date: 2024-10-10

URL: CVE-2024-47871

CVSS 3 Score Details (9.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Release Date: 2024-10-10

Fix Resolution: 5.0.0

CVE-2024-4325

Vulnerability Details

A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the save_url_to_cache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP request without sufficient validation checks. This flaw allows an attacker to send crafted requests that could lead to unauthorized access to the local network or the AWS metadata endpoint, thereby compromising the security of internal servers.

Publish Date: 2024-06-06

URL: CVE-2024-4325

CVSS 3 Score Details (8.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2024-4325

Release Date: 2024-06-06

Fix Resolution: 4.23.0

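Both SSRF entries above (CVE-2024-47167 and CVE-2024-4325) recommend allowlist-based URL validation and blocking requests to local or internal addresses. The following is an added example of such a check, not code from Gradio or from this report: it enforces an http/https scheme, rejects embedded credentials, requires the host to be on an explicit allowlist (ALLOWED_HOSTS is a constructed placeholder), then resolves the host and refuses any address that is not globally routable, which covers loopback, RFC 1918 space and the 169.254.169.254 metadata endpoint. The resolver is injectable so the demo runs offline against constructed DNS answers.

```python
from __future__ import annotations

import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

# Constructed allowlist for this example: the only hosts the server may fetch from.
# A real deployment would load this from its own configuration.
ALLOWED_HOSTS = frozenset({"huggingface.co", "cdn.example.org"})

Resolver = Callable[[str], Iterable[str]]


def system_resolver(host: str) -> list[str]:
    """Resolve a hostname to all of its A/AAAA addresses via the OS resolver."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_global_address(addr: str) -> bool:
    """False for loopback, RFC 1918, link-local (incl. 169.254.169.254), CGNAT and reserved ranges."""
    return ipaddress.ip_address(addr).is_global


def validate_fetch_url(
    url: str,
    allowed_hosts: frozenset[str] = ALLOWED_HOSTS,
    resolver: Resolver = system_resolver,
) -> tuple[str, str]:
    """Return (hostname, ip) the server may connect to, or raise ValueError.

    Checks, in order: scheme, embedded credentials, host allowlist, and finally
    every address the host resolves to, so an allowlisted name that points at
    internal address space (misconfiguration or DNS rebinding) is still refused.
    The caller should connect to the returned IP and set the Host header itself,
    so the address that was checked is the address that is used.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials embedded in URL are not allowed")
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        raise ValueError("URL has no host")
    if host not in allowed_hosts:
        raise ValueError(f"host not in allowlist: {host}")
    addrs = list(resolver(host))
    if not addrs:
        raise ValueError(f"host does not resolve: {host}")
    for addr in addrs:
        if not is_global_address(addr):
            raise ValueError(f"{host} resolves to non-public address {addr}")
    return host, addrs[0]


def is_safe_fetch_url(
    url: str,
    allowed_hosts: frozenset[str] = ALLOWED_HOSTS,
    resolver: Resolver = system_resolver,
) -> bool:
    """Boolean wrapper around validate_fetch_url for callers that only need a yes/no."""
    try:
        validate_fetch_url(url, allowed_hosts, resolver)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed DNS answers so the demo runs offline; the IPs are illustrative.
    fake_dns = {"huggingface.co": ["18.0.0.1"], "cdn.example.org": ["10.0.0.5"]}
    resolve = lambda h: fake_dns.get(h, [])
    for u in (
        "https://huggingface.co/datasets/x/y",
        "http://169.254.169.254/latest/meta-data/",
        "file:///etc/passwd",
        "https://cdn.example.org/video.mp4",
    ):
        print(u, "->", "allowed" if is_safe_fetch_url(u, resolver=resolve) else "blocked")
```

Resolving once and then connecting to the returned IP, rather than letting the HTTP client resolve the name again, closes the gap between the check and the use that DNS rebinding exploits.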

CVE-2024-1540

Vulnerability Details

A command injection vulnerability exists in the deploy+test-visual.yml workflow of the gradio-app/gradio repository, due to improper neutralization of special elements used in a command. This vulnerability allows attackers to execute unauthorized commands, potentially leading to unauthorized modification of the base repository or secrets exfiltration. The issue arises from the unsafe handling of GitHub context information within a run operation, where expressions inside ${{ }} are evaluated and substituted before script execution. Remediation involves setting untrusted input values to intermediate environment variables to prevent direct influence on script generation.

Publish Date: 2024-03-27

URL: CVE-2024-1540

CVSS 3 Score Details (8.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: Low
    • Availability Impact: Low

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2024-1540

Release Date: 2024-03-27

Fix Resolution: 4.18.0

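The remediation described for CVE-2024-1540 (pass untrusted context values through env: instead of expanding ${{ }} inside run:) can be checked mechanically. The block below is an added example, not the gradio-app/gradio workflow or the project's own tooling: a small scanner that flags untrusted expressions expanded inside run: scripts, applied to a constructed vulnerable workflow and to its fixed form. The workflow text and the UNTRUSTED_PREFIXES list are assumptions chosen for illustration.

```python
from __future__ import annotations

import re

EXPR_RE = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")
# Expression prefixes whose values come from event payloads or user input, so an
# attacker who can open a PR, issue or comment may control them (assumed list).
UNTRUSTED_PREFIXES = ("github.event.", "github.head_ref", "inputs.", "steps.")
RUN_KEY_RE = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")
BLOCK_SCALARS = {"|", ">", "|-", ">-", "|+", ">+"}


def run_script_lines(workflow_text: str):
    """Yield (line_no, text) for every line that ends up inside a step's run: script."""
    lines = workflow_text.splitlines()
    i = 0
    while i < len(lines):
        m = RUN_KEY_RE.match(lines[i])
        if not m:
            i += 1
            continue
        key_indent = len(m.group(1)) + len(m.group(2) or "")
        value = m.group(3).strip()
        if value in BLOCK_SCALARS:
            # Block scalar: every following line indented deeper than the key belongs to the script.
            i += 1
            while i < len(lines) and (
                not lines[i].strip() or len(lines[i]) - len(lines[i].lstrip()) > key_indent
            ):
                yield i + 1, lines[i]
                i += 1
        else:
            yield i + 1, value
            i += 1


def find_injectable_expressions(workflow_text: str) -> list[tuple[int, str]]:
    """Return [(line_no, expression)] for untrusted ${{ }} expressions expanded inside run: scripts."""
    hits = []
    for line_no, text in run_script_lines(workflow_text):
        for expr in EXPR_RE.findall(text):
            if expr.startswith(UNTRUSTED_PREFIXES):
                hits.append((line_no, expr))
    return hits


# Constructed workflow mirroring the vulnerable pattern: the PR title and branch name
# are substituted into the shell script text before it runs.
VULNERABLE_WORKFLOW = """\
name: visual-test
on:
  pull_request_target:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: |
          echo "Testing PR: ${{ github.event.pull_request.title }}"
          git fetch origin ${{ github.head_ref }}
      - run: echo "commit ${{ github.sha }}"
"""

# Same steps after the recommended fix: values reach the script only as environment variables.
FIXED_WORKFLOW = """\
name: visual-test
on:
  pull_request_target:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
          HEAD_REF: ${{ github.head_ref }}
        run: |
          echo "Testing PR: $PR_TITLE"
          git fetch origin "$HEAD_REF"
      - run: echo "commit ${{ github.sha }}"
"""

if __name__ == "__main__":
    for name, text in (("vulnerable", VULNERABLE_WORKFLOW), ("fixed", FIXED_WORKFLOW)):
        print(name, find_injectable_expressions(text))
```

In the vulnerable form a PR title containing shell metacharacters becomes part of the script text before the runner executes it; in the env: form the same title is only ever the value of $PR_TITLE, and the quoting in the script decides how it is treated.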

CVE-2024-47084

Vulnerability Details

Gradio is an open-source Python package designed for quick prototyping. This vulnerability is related to CORS origin validation, where the Gradio server fails to validate the request origin when a cookie is present. This allows an attacker’s website to make unauthorized requests to a local Gradio server. Potentially, attackers can upload files, steal authentication tokens, and access user data if the victim visits a malicious website while logged into Gradio. This impacts users who have deployed Gradio locally and use basic authentication. Users are advised to upgrade to gradio>4.44 to address this issue. As a workaround, users can manually enforce stricter CORS origin validation by modifying the CustomCORSMiddleware class in their local Gradio server code. Specifically, they can bypass the condition that skips CORS validation for requests containing cookies to prevent potential exploitation.

Publish Date: 2024-10-10

URL: CVE-2024-47084

CVSS 3 Score Details (8.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: Low

Suggested Fix

Type: Upgrade version

Origin: GHSA-3c67-5hwx-f6wx

Release Date: 2024-10-10

Fix Resolution: 4.44.0

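The workaround for CVE-2024-47084 is to stop skipping origin validation when a cookie is present. As an added example that is not Gradio's middleware, the block below isolates that decision into a pure function: cors_allows() with skip_check_when_cookie=True reproduces the flawed shortcut, while the default path compares the Origin header against the request Host (treating the loopback aliases as one local origin, a deliberate relaxation for local deployments) or an explicit allowlist. All header values are constructed.

```python
from __future__ import annotations

from urllib.parse import urlsplit

# Loopback names a local deployment is commonly reached by; treated as one local
# origin here (a deliberate relaxation: browsers consider them distinct origins).
LOOPBACK_HOSTS = frozenset({"localhost", "127.0.0.1", "::1"})


def _host_and_port(authority: str) -> tuple[str | None, int | None]:
    """Split 'host[:port]' as found in a Host header; urlsplit handles [IPv6] brackets."""
    parts = urlsplit("//" + authority)
    try:
        return (parts.hostname.lower() if parts.hostname else None), parts.port
    except ValueError:  # non-numeric or out-of-range port
        return None, None


def origin_matches_host(origin: str, request_host: str) -> bool:
    """True when the Origin header names the same host (and port) the request was sent to."""
    parts = urlsplit(origin)
    if parts.scheme not in ("http", "https"):
        return False  # also rejects the literal 'null' origin and malformed values
    o_host, o_port = _host_and_port(parts.netloc)
    r_host, r_port = _host_and_port(request_host)
    if not o_host or not r_host:
        return False
    if o_host in LOOPBACK_HOSTS and r_host in LOOPBACK_HOSTS:
        return o_port == r_port
    return o_host == r_host and o_port == r_port


def cors_allows(
    headers: dict[str, str],
    allowed_origins: frozenset[str] = frozenset(),
    *,
    skip_check_when_cookie: bool = False,
) -> bool:
    """Decide whether a cross-origin request may be served with its credentials honoured."""
    h = {k.lower(): v for k, v in headers.items()}
    origin = h.get("origin")
    if origin is None:
        return True  # no Origin header: not a cross-origin browser request
    if skip_check_when_cookie and "cookie" in h:
        # The shortcut the advisory describes: once a session cookie exists, any
        # site's request is accepted without looking at where it came from.
        return True
    return origin in allowed_origins or origin_matches_host(origin, h.get("host", ""))


if __name__ == "__main__":
    # Constructed request from a malicious page, sent by a browser that already holds a session cookie.
    attacker = {"Host": "127.0.0.1:7860", "Origin": "https://attacker.example", "Cookie": "access-token=abc"}
    print("flawed:", cors_allows(attacker, skip_check_when_cookie=True))
    print("fixed: ", cors_allows(attacker))
```

The same function should also drive the response: only echo Access-Control-Allow-Origin and set Access-Control-Allow-Credentials when it returns True, otherwise a cookie-bearing cross-site request still reaches the handler.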

CVE-2024-47870

Vulnerability Details

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a race condition in the update_root_in_config function, allowing an attacker to modify the root URL used by the Gradio frontend to communicate with the backend. By exploiting this flaw, an attacker can redirect user traffic to a malicious server. This could lead to the interception of sensitive data such as authentication credentials or uploaded files. This impacts all users who connect to a Gradio server, especially those exposed to the internet, where malicious actors could exploit this race condition. Users are advised to upgrade to gradio>=5 to address this issue. There are no known workarounds for this issue.

Publish Date: 2024-10-10

URL: CVE-2024-47870

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Release Date: 2024-10-10

Fix Resolution: 5.0.0

CVE-2025-23042

Vulnerability Details

Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, APIs, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This vulnerability arises due to the lack of case normalization in the file path validation logic. On case-insensitive file systems, such as those used by Windows and macOS, this flaw enables attackers to circumvent security restrictions and access sensitive files that should be protected. This issue can lead to unauthorized data access, exposing sensitive information and undermining the integrity of Gradio's security model. Given Gradio's popularity for building web applications, particularly in machine learning and AI, this vulnerability may pose a substantial threat if exploited in production environments. This issue has been addressed in release version 5.6.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Publish Date: 2025-01-14

URL: CVE-2025-23042

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-j2jg-fq62-7c3h

Release Date: 2025-01-14

Fix Resolution: 5.11.0

CVE-2024-4941

Vulnerability Details

A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the postprocess() function within gradio/components/json_component.py, where a user-controlled string is parsed as JSON. If the parsed JSON object contains a path key, the specified file is moved to a temporary directory, making it possible to retrieve it later via the /file=.. endpoint. This issue is due to the processing_utils.move_files_to_cache() function traversing any object passed to it, looking for a dictionary with a path key, and then copying the specified file to a temporary directory. The vulnerability can be exploited by an attacker to read files on the remote system, posing a significant security risk.

Publish Date: 2024-06-06

URL: CVE-2024-4941

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2024-4941

Release Date: 2024-06-06

Fix Resolution: 4.23.0

CVE-2024-47868

Vulnerability Details

Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected input constraints. This issue could lead to sensitive files being exposed to unauthorized users, especially when combined with other vulnerabilities, such as issue TOB-GRADIO-15. The components most at risk are those that return or handle file data. Vulnerable Components: 1. String to FileData: DownloadButton, Audio, ImageEditor, Video, Model3D, File, UploadButton. 2. Complex data to FileData: Chatbot, MultimodalTextbox. 3. Direct file read in preprocess: Code. 4. Dictionary converted to FileData: ParamViewer, Dataset. Exploit Scenarios: 1. A developer creates a Dropdown list that passes values to a DownloadButton. An attacker bypasses the allowed inputs, sends an arbitrary file path (like /etc/passwd), and downloads sensitive files. 2. An attacker crafts a malicious payload in a ParamViewer component, leaking sensitive files from a server through the arbitrary file leak. This issue has been resolved in gradio>5.0. Upgrading to the latest version will mitigate this vulnerability. There are no known workarounds for this vulnerability.

Publish Date: 2024-10-10

URL: CVE-2024-47868

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Release Date: 2024-10-10

Fix Resolution: 5.0.0

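CVE-2024-4941, CVE-2024-47868 and CVE-2025-23042 above describe two weaknesses in the same file-path handling: a path value found anywhere in a client payload is acted on, and the block list is compared without case normalization. The following is an added example, not Gradio's own code, of a default-deny path check that normalizes ".." segments and, on a case-insensitive filesystem, letter case, together with a walker that finds every "path" key in a nested payload so each one is checked before anything is copied to a cache. The directory names are constructed for the demo and the check is lexical; a deployment would also resolve symlinks with os.path.realpath before comparing.

```python
from __future__ import annotations

import posixpath
from typing import Any, Iterator

# Constructed layout for the demo: the cache directory files may be served from,
# and a directory inside it that must never be exposed.
ALLOWED_DIRS = ["/tmp/gradio"]
BLOCKED_DIRS = ["/tmp/gradio/secrets"]


def normalize(path: str, case_insensitive: bool) -> str:
    """Absolute, '..'-free POSIX path, folded to one case when the filesystem ignores case.

    Lexical only: a deployment should also pass the path through os.path.realpath
    so a symlink cannot point out of an allowed directory.
    """
    norm = posixpath.normpath(posixpath.join("/", path))
    return norm.casefold() if case_insensitive else norm


def is_under(path: str, directory: str, case_insensitive: bool) -> bool:
    """True if path is directory or lies below it (prefix check on whole components)."""
    p = normalize(path, case_insensitive)
    d = normalize(directory, case_insensitive)
    return p == d or p.startswith(d.rstrip("/") + "/")


def is_path_allowed_vulnerable(path: str, blocked_dirs: list[str]) -> bool:
    """Block-list check without case normalization: the flaw behind CVE-2025-23042."""
    return not any(is_under(path, b, case_insensitive=False) for b in blocked_dirs)


def is_path_allowed(
    path: str, allowed_dirs: list[str], blocked_dirs: list[str], case_insensitive: bool = False
) -> bool:
    """Default deny: the path must sit under an allowed directory and under no blocked one."""
    if any(is_under(path, b, case_insensitive) for b in blocked_dirs):
        return False
    return any(is_under(path, a, case_insensitive) for a in allowed_dirs)


def find_path_refs(obj: Any) -> Iterator[str]:
    """Yield every string stored under a 'path' key anywhere in a nested payload."""
    if isinstance(obj, dict):
        if isinstance(obj.get("path"), str):
            yield obj["path"]
        for value in obj.values():
            yield from find_path_refs(value)
    elif isinstance(obj, (list, tuple)):
        for value in obj:
            yield from find_path_refs(value)


def rejected_paths(
    payload: Any,
    allowed_dirs: list[str] = ALLOWED_DIRS,
    blocked_dirs: list[str] = BLOCKED_DIRS,
    case_insensitive: bool = False,
) -> list[str]:
    """Paths in the payload that must not be copied to the cache; empty means the payload may proceed."""
    return [
        p
        for p in find_path_refs(payload)
        if not is_path_allowed(p, allowed_dirs, blocked_dirs, case_insensitive)
    ]


if __name__ == "__main__":
    # Constructed payload of the shape a component might receive: a file reference at the
    # top level and another buried in metadata.
    payload = {
        "value": [{"path": "/etc/passwd", "orig_name": "x"}],
        "meta": {"inner": {"path": "/tmp/gradio/a.txt"}},
    }
    print("rejected:", rejected_paths(payload))
    print("case bypass, old check:", is_path_allowed_vulnerable("/tmp/gradio/SECRETS/key", BLOCKED_DIRS))
    print("case bypass, new check:", is_path_allowed("/tmp/gradio/SECRETS/key", ALLOWED_DIRS, BLOCKED_DIRS, True))
```

The allow list does the real work; the block list only exists for directories that sit inside an allowed tree, which is exactly where a case-folding mismatch turns into a bypass.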

CVE-2024-47867

Vulnerability Details

Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a lack of integrity check on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is downloaded, they could modify the binary without detection, as the Gradio server does not verify the file's checksum or signature. Any users utilizing the Gradio server's sharing mechanism that downloads the FRP client could be affected by this vulnerability, especially those relying on the executable binary for secure data tunneling. There is no direct workaround for this issue without upgrading. However, users can manually validate the integrity of the downloaded FRP client by implementing checksum or signature verification in their own environment to ensure the binary hasn't been tampered with.

Publish Date: 2024-10-10

URL: CVE-2024-47867

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Release Date: 2024-10-10

Fix Resolution: 5.0.0

CVE-2024-34510

Vulnerability Details

Gradio before 4.20 allows credential leakage on Windows.

Publish Date: 2024-05-05

URL: CVE-2024-34510

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Release Date: 2024-05-05

Fix Resolution: 4.20.0

CVE-2024-1728

Vulnerability Details

gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in the request to the /queue/join endpoint. This issue could potentially lead to remote code execution. The vulnerability is present in the handling of file upload paths, allowing attackers to redirect file uploads to unintended locations on the server.

Publish Date: 2024-04-10

URL: CVE-2024-1728

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2024-1728

Release Date: 2024-04-10

Fix Resolution: 4.19.2

CVE-2024-1561

Vulnerability Details

An issue was discovered in gradio-app/gradio, where the /component_server endpoint improperly allows the invocation of any method on a Component class with attacker-controlled arguments. Specifically, by exploiting the move_resource_to_block_cache() method of the Block class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access, posing a significant risk especially when the application is exposed to the internet via launch(share=True), thereby allowing remote attackers to read files on the host machine. Furthermore, gradio apps hosted on huggingface.co are also affected, potentially leading to the exposure of sensitive information such as API keys and credentials stored in environment variables.

Publish Date: 2024-04-16

URL: CVE-2024-1561

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2024-1561

Release Date: 2024-04-16

Fix Resolution: 4.13.0

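CVE-2024-1561 stems from an endpoint that invoked whatever method name the client supplied on a component. The block below is an added example, not Gradio's /component_server implementation: a dispatcher that only calls methods explicitly marked with an @exposed decorator, shown next to the getattr-based pattern it replaces. The Component class, its methods and the cache paths are constructed for the demo and touch no real files.

```python
from __future__ import annotations

from typing import Any, Callable


def exposed(fn: Callable) -> Callable:
    """Mark a component method as callable from the browser (constructed marker for this example)."""
    fn._exposed_to_client = True
    return fn


class Component:
    """Minimal stand-in for a UI component; no real files are touched."""

    def __init__(self) -> None:
        self.cache: list[str] = []

    def move_resource_to_block_cache(self, path: str) -> str:
        # Privileged helper. In the reported bug the real one copied any server file
        # into a readable temp dir; here it only records the path so the demo is side-effect free.
        self.cache.append(path)
        return f"/tmp/cache/{len(self.cache)}"

    @exposed
    def list_choices(self, prefix: str = "") -> list[str]:
        choices = ["apple", "banana", "blueberry"]
        return [c for c in choices if c.startswith(prefix)]


def dispatch_vulnerable(component: Component, fn_name: str, data: Any) -> Any:
    """The pattern behind the advisory: any attribute named by the client is looked up and called."""
    return getattr(component, fn_name)(data)


def dispatch(component: Component, fn_name: str, data: Any) -> Any:
    """Only methods explicitly marked @exposed may be called; everything else is refused."""
    fn = getattr(type(component), fn_name, None)  # look on the class, so instance state cannot smuggle a callable
    if not callable(fn) or not getattr(fn, "_exposed_to_client", False):
        raise PermissionError(f"{fn_name!r} is not exposed to clients")
    return fn(component, data)


if __name__ == "__main__":
    c = Component()
    print("old dispatcher:", dispatch_vulnerable(c, "move_resource_to_block_cache", "/etc/passwd"))
    print("new dispatcher:", dispatch(c, "list_choices", "b"))
    try:
        dispatch(c, "move_resource_to_block_cache", "/etc/passwd")
    except PermissionError as e:
        print("new dispatcher refused:", e)
```

Marking methods rather than maintaining a separate name list keeps the allow decision next to the code it protects, so a new privileged helper is not reachable by default.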

CVE-2024-2206

Vulnerability Details

An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the /proxy route. Attackers can exploit this vulnerability by manipulating the self.replica_urls set through the X-Direct-Url header in requests to the / and /config routes, allowing the addition of arbitrary URLs for proxying. This flaw enables unauthorized proxying of requests and potential access to internal endpoints within the Hugging Face space. The issue arises from the application's inadequate checking of safe URLs in the build_proxy_request function.

Publish Date: 2024-03-27

URL: CVE-2024-2206

CVSS 3 Score Details (7.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2024-2206

Release Date: 2024-03-27

Fix Resolution: 4.18.0

CVE-2023-34239

Vulnerability Details

Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering, Gradio does not properly restrict file access to users. Additionally, Gradio does not properly restrict what URLs are proxied. These issues have been addressed in version 3.34.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Publish Date: 2023-06-07

URL: CVE-2023-34239

CVSS 3 Score Details (7.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low

Suggested Fix

Type: Upgrade version

Origin: GHSA-3qqg-pgqq-3695

Release Date: 2023-06-07

Fix Resolution: 3.33.0

CVE-2024-48052

Vulnerability Details

In gradio <=4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. The reason is that within the save_url_to_cache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resources and sensitive information.

Publish Date: 2024-11-04

URL: CVE-2024-48052

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2024-48052

Release Date: 2024-11-04

Fix Resolution: 4.43.0

CVE-2024-47164

Vulnerability Details

Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the bypass of directory traversal checks within the is_in_or_equal function. This function, intended to check if a file resides within a given directory, can be bypassed with certain payloads that manipulate file paths using .. (parent directory) sequences. Attackers could potentially access restricted files if they are able to exploit this flaw, although the difficulty is high. This primarily impacts users relying on Gradio’s blocklist or directory access validation, particularly when handling file uploads. Users are advised to upgrade to gradio>=5.0 to address this issue. As a workaround, users can manually sanitize and normalize file paths in their Gradio deployment before passing them to the is_in_or_equal function. Ensuring that all file paths are properly resolved and absolute can help mitigate the bypass vulnerabilities caused by the improper handling of .. sequences or malformed paths.

Publish Date: 2024-10-10

URL: CVE-2024-47164

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-77xq-6g77-h274

Release Date: 2024-10-10

Fix Resolution: 5.0.0

CVE-2024-1183

Vulnerability Details

An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.

Publish Date: 2024-04-16

URL: CVE-2024-1183

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2024-1183

Release Date: 2024-04-16

Fix Resolution: 4.11.0

CVE-2024-1729

Vulnerability Details

A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation (app.auth[username] == password) to validate user credentials, which can be exploited to guess passwords based on response times. Successful exploitation of this vulnerability could allow an attacker to bypass authentication mechanisms and gain unauthorized access.

Publish Date: 2024-03-29

URL: CVE-2024-1729

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-hmx6-r76c-85g9

Release Date: 2024-03-29

Fix Resolution: 4.19.2

@mend-bolt-for-github mend-bolt-for-github bot added the Mend: dependency security vulnerability Security vulnerability detected by Mend label Feb 25, 2023
@secure-code-warrior-for-github

Micro-Learning Topic: Hard-coded credential (Detected by phrase)

Matched on "Hard-coded Credential"

This vulnerability occurs when the keys used for performing the encryption are not secured properly. This could be because the keys are hard-coded in the app and remain the same throughout the application life cycle and for each version installed on different devices. The use of a hard-coded cryptographic key tremendously increases the probability that encrypted data may be recovered.

Micro-Learning Topic: Vulnerable library (Detected by phrase)

Matched on "Vulnerable Library"

Use of vulnerable components will introduce weaknesses into the application. Components with published vulnerabilities will allow easy exploitation as resources will often be available to automate the process.

@mend-bolt-for-github mend-bolt-for-github bot changed the title gradio-3.4b2-py3-none-any.whl: 1 vulnerabilities (highest severity is: 5.4) gradio-3.4b2-py3-none-any.whl: 1 vulnerabilities (highest severity is: 9.8) Mar 25, 2023
@mend-bolt-for-github mend-bolt-for-github bot changed the title gradio-3.4b2-py3-none-any.whl: 1 vulnerabilities (highest severity is: 9.8) gradio-3.4b2-py3-none-any.whl: 2 vulnerabilities (highest severity is: 9.8) Jun 9, 2023
@mend-bolt-for-github mend-bolt-for-github bot changed the title gradio-3.4b2-py3-none-any.whl: 2 vulnerabilities (highest severity is: 9.8) gradio-3.4b2-py3-none-any.whl: 3 vulnerabilities (highest severity is: 9.8) Dec 25, 2023
@mend-bolt-for-github mend-bolt-for-github bot changed the title gradio-3.4b2-py3-none-any.whl: 3 vulnerabilities (highest severity is: 9.8) gradio-3.4b2-py3-none-any.whl: 4 vulnerabilities (highest severity is: 9.8) Mar 10, 2024
@mend-bolt-for-github mend-bolt-for-github bot changed the title gradio-3.4b2-py3-none-any.whl: 4 vulnerabilities (highest severity is: 9.8) gradio-3.4b2-py3-none-any.whl: 7 vulnerabilities (highest severity is: 9.8) Mar 31, 2024
@mend-bolt-for-github mend-bolt-for-github bot changed the title gradio-3.4b2-py3-none-any.whl: 7 vulnerabilities (highest severity is: 9.8) gradio-3.4b2-py3-none-any.whl: 8 vulnerabilities (highest severity is: 9.8) Apr 3, 2024

Micro-Learning Topic: Timing attack (Detected by phrase)

Matched on "timing attack"

This vulnerability manifests when the difference in response times from a given process can expose sensitive information or change the flow of a given process. For example, in a semi-controlled environment (where response times should be even under regular circumstances) this could be used to identify whether or not certain data is present in a given data storage.

Micro-Learning Topic: OS command injection (Detected by phrase)

Matched on "command injection"

In many situations, applications will rely on OS provided functions, scripts, macros and utilities instead of reimplementing them in code. While functions would typically be accessed through a native interface library, the remaining three OS provided features will normally be invoked via the command line or launched as a process. If unsafe inputs are used to construct commands or arguments, it may allow arbitrary OS operations to be performed that can compromise the server.

Helpful references
  • OWASP Command Injection - OWASP community page with comprehensive information about command injection, and links to various OWASP resources to help detect or prevent it.
  • OWASP testing for Command Injection - This article is focused on providing testing techniques for identifying command injection flaws in your applications

Micro-Learning Topic: Cross-site request forgery (Detected by phrase)

Matched on "Cross-Site Request Forgery"

Session-related but not session-based, this attack is based on the ability of an attacker to force an action on a user’s browser (commonly in the form of a POST request) to perform an unauthorized action on behalf of the user. This can often occur without the user even noticing it… or only noticing when it is too late. The root cause is that browsers automatically send session cookies with all requests to a given domain, regardless of where the source of the request came from, and the application server cannot differentiate between a request that came from pages it served or a request that came from an unrelated page.

Micro-Learning Topic: Denial of service (Detected by phrase)

Matched on "denial of service"

The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service

Micro-Learning Topic: Server-side request forgery (Detected by phrase)

Matched on "SSRF"

Server-Side Request Forgery (SSRF) vulnerabilities are caused when an attacker can supply or modify a URL that reads or sends data to the server. The attacker can create a malicious request with a manipulated URL; when this request reaches the server, the server-side code executes the exploit URL, causing the attacker to be able to read data from services that shouldn't be exposed.

@mend-bolt-for-github mend-bolt-for-github bot changed the title gradio-3.4b2-py3-none-any.whl: 8 vulnerabilities (highest severity is: 9.8) gradio-3.4b2-py3-none-any.whl: 11 vulnerabilities (highest severity is: 9.8) Apr 26, 2024

Micro-Learning Topic: Local file inclusion (Detected by phrase)

Matched on "local file inclusion"

A local file inclusion vulnerability is caused by an insecure method of including or importing a file within an application. An attacker that works out how to control what file is included or imported may be able to execute code that they should not have access to or access resources without authorization.

@mend-bolt-for-github mend-bolt-for-github bot changed the title gradio-3.4b2-py3-none-any.whl: 11 vulnerabilities (highest severity is: 9.8) gradio-3.4b2-py3-none-any.whl: 13 vulnerabilities (highest severity is: 9.8) May 6, 2024
@mend-bolt-for-github mend-bolt-for-github bot changed the title gradio-3.4b2-py3-none-any.whl: 13 vulnerabilities (highest severity is: 9.8) gradio-3.4b2-py3-none-any.whl: 14 vulnerabilities (highest severity is: 9.8) Jun 10, 2024
@mend-bolt-for-github mend-bolt-for-github bot changed the title gradio-3.4b2-py3-none-any.whl: 14 vulnerabilities (highest severity is: 9.8) gradio-3.4b2-py3-none-any.whl: 15 vulnerabilities (highest severity is: 9.8) Jun 10, 2024

Micro-Learning Topic: Weak input validation (Detected by phrase)

Matched on "improper input validation"

Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. Source: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

@mend-bolt-for-github mend-bolt-for-github bot changed the title gradio-3.4b2-py3-none-any.whl: 15 vulnerabilities (highest severity is: 9.8) gradio-3.4b2-py3-none-any.whl: 16 vulnerabilities (highest severity is: 9.8) Jun 24, 2024

Micro-Learning Topic: Cross-site scripting (Detected by phrase)

Matched on "Cross-site Scripting"

Cross-site scripting vulnerabilities occur when unescaped input is rendered into a page displayed to the user. When HTML or script is included in the input, it will be processed by a user's browser as HTML or script and can alter the appearance of the page or execute malicious scripts in their user context.

Micro-Learning Topic: Open redirect (Detected by phrase)

Matched on "open redirect"

This vulnerability refers to the ability of an attacker to arbitrarily perform a redirection (external) or forward (internal) against the system. It arises due to insufficient validation or sanitisation of inputs used to perform a redirect or forward and may result in privilege escalation (in the case of a forward) or may be used to launch phishing attacks against users (in the case of redirects).

@mend-bolt-for-github mend-bolt-for-github bot changed the title gradio-3.4b2-py3-none-any.whl: 16 vulnerabilities (highest severity is: 9.8) gradio-3.4b2-py3-none-any.whl: 17 vulnerabilities (highest severity is: 9.8) Jul 2, 2024

Micro-Learning Topic: Code injection (Detected by phrase)

Matched on "code injection"

Code injection happens when an application insecurely accepts input that is subsequently used in a dynamic code evaluation call. If insufficient validation or sanitisation is performed on the input, specially crafted inputs may be able to alter the syntax of the evaluated code and thus alter execution. In a worst case scenario, an attacker could run arbitrary code in the server context and thus perform almost any action on the application server.

@mend-bolt-for-github mend-bolt-for-github bot changed the title gradio-3.4b2-py3-none-any.whl: 17 vulnerabilities (highest severity is: 9.8) gradio-3.4b2-py3-none-any.whl: 16 vulnerabilities (highest severity is: 9.8) Jul 28, 2024
@mend-bolt-for-github mend-bolt-for-github bot changed the title gradio-3.4b2-py3-none-any.whl: 16 vulnerabilities (highest severity is: 9.8) gradio-3.4b2-py3-none-any.whl: 15 vulnerabilities (highest severity is: 9.4) Sep 11, 2024
@mend-bolt-for-github mend-bolt-for-github bot changed the title gradio-3.4b2-py3-none-any.whl: 15 vulnerabilities (highest severity is: 9.4) gradio-3.4b2-py3-none-any.whl: 25 vulnerabilities (highest severity is: 9.4) Oct 13, 2024

Micro-Learning Topic: Insecure communication (Detected by phrase)

Matched on "insecure communication"

This vulnerability refers to the insecure transport of sensitive data between two parties. This typically takes the form of HTTP transport for web applications, or other plain-text protocols when working with other types of applications.

Micro-Learning Topic: Race condition (Detected by phrase)

Matched on "race condition"

A race condition is a flaw that produces an unexpected result when the timing of actions impacts other actions.

@mend-bolt-for-github mend-bolt-for-github bot changed the title gradio-3.4b2-py3-none-any.whl: 25 vulnerabilities (highest severity is: 9.4) gradio-3.4b2-py3-none-any.whl: 27 vulnerabilities (highest severity is: 9.4) Oct 14, 2024

Micro-Learning Topic: Directory traversal (Detected by phrase)

Matched on "directory traversal"

Path traversal vulnerabilities occur when inputs that have not been sufficiently validated or sanitised are used to build directory or file paths. If an attacker can influence the path being accessed by the server, they may be able to gain unauthorised access to files or even execute arbitrary code on the server (when coupled with file upload functionality).

Helpful references
  • OWASP Input Validation Cheat Sheet - This cheatsheet is focused on providing clear, simple, actionable guidance for preventing injection and input validation flaws in your applications, including defence against path traversal.
  • OWASP Path Traversal - OWASP community page with comprehensive information about path traversal, and links to various OWASP resources to help detect or prevent it.

@mend-bolt-for-github mend-bolt-for-github bot changed the title gradio-3.4b2-py3-none-any.whl: 27 vulnerabilities (highest severity is: 9.4) gradio-3.4b2-py3-none-any.whl: 27 vulnerabilities (highest severity is: 9.8) Oct 17, 2024
@mend-bolt-for-github mend-bolt-for-github bot changed the title gradio-3.4b2-py3-none-any.whl: 27 vulnerabilities (highest severity is: 9.8) gradio-3.4b2-py3-none-any.whl: 28 vulnerabilities (highest severity is: 9.8) Nov 5, 2024
@mend-bolt-for-github mend-bolt-for-github bot changed the title gradio-3.4b2-py3-none-any.whl: 28 vulnerabilities (highest severity is: 9.8) gradio-3.4b2-py3-none-any.whl: 29 vulnerabilities (highest severity is: 9.8) Jan 16, 2025