VYPR
High severity · NVD Advisory · Published Mar 20, 2025 · Updated Mar 20, 2025

Path Traversal in gradio-app/gradio

CVE-2024-10648

Description

A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerability allows an attacker to control the format of the audio file, leading to arbitrary file content deletion. By manipulating the output format, an attacker can reset any file to an empty file, causing a denial of service (DoS) on the server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Path traversal in Gradio Audio component lets attackers control audio format, resetting any file to empty, causing denial of service.

Vulnerability

Overview

A path traversal vulnerability exists in the Gradio Audio component as of commit 98cbcae. The flaw allows an attacker to manipulate the output format of audio files, which can lead to arbitrary file content deletion. By controlling the format, an attacker can reset any file to an empty file, effectively causing a denial of service (DoS) on the server [1][3].

Exploitation

Method

The vulnerability is triggered through the Audio component's processing logic. The attacker can influence the format parameter during audio file conversion, which is then used to write the output. Due to insufficient input validation, this can be leveraged to overwrite unintended files by controlling the path or content of the output file. The attack does not require authentication beyond accessing the Gradio interface [1][4].
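The following is an added example of how a defender would close the pattern described above, not Gradio's code and not the fix the project shipped: the caller-supplied format string is allowlisted, the resolved output path is checked to be a direct child of the output directory, and the file is created with O_EXCL so an existing file can never be truncated to empty. Function names, the allowlist and the directory layout are assumptions.

```python
import os
import re
from pathlib import Path

# Added illustration of hardening the pattern described above: a caller-supplied
# audio "format" string ends up in the path of the converted output file. This is
# not Gradio's code; names, the allowlist and the directory layout are assumptions.

ALLOWED_FORMATS = frozenset({"wav", "mp3", "ogg", "flac"})  # what the converter emits
_FORMAT_RE = re.compile(r"[a-z0-9]{1,8}")      # no dot, slash, backslash or NUL survives
_STEM_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")  # server-chosen base name, same rule

class UnsafeFormatError(ValueError):
    """Raised when a requested output format or name cannot be used safely."""

def is_safe_format(fmt: object) -> bool:
    """True only for a string that is both well-formed and on the allowlist."""
    return (isinstance(fmt, str)
            and _FORMAT_RE.fullmatch(fmt) is not None
            and fmt in ALLOWED_FORMATS)

def validate_format(fmt: object) -> str:
    """Normalise a caller-supplied format; reject anything off the allowlist."""
    token = fmt.strip().lower() if isinstance(fmt, str) else fmt
    if not is_safe_format(token):
        raise UnsafeFormatError(f"unsupported or unsafe audio format: {fmt!r}")
    return token

def safe_output_path(out_dir: str, stem: str, fmt: object) -> Path:
    """Build <out_dir>/<stem>.<fmt> and prove it is a direct child of out_dir.
    The containment check is an independent second guard in case the
    allowlist is ever loosened."""
    token = validate_format(fmt)
    if _STEM_RE.fullmatch(stem) is None:
        raise UnsafeFormatError(f"unsafe output name: {stem!r}")
    base = Path(out_dir).resolve()
    candidate = (base / f"{stem}.{token}").resolve()
    if candidate.parent != base:
        raise UnsafeFormatError("output path escapes the output directory")
    return candidate

def write_converted_audio(out_dir: str, stem: str, fmt: object, data: bytes) -> Path:
    """Create the output with O_EXCL so an existing file is never truncated to empty."""
    target = safe_output_path(out_dir, stem, fmt)
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target
```

The O_EXCL open is the part that directly addresses the reported impact: even if a path check were bypassed, an already existing file would not be opened for truncation.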

Impact

Successful exploitation allows an attacker to delete the content of arbitrary files on the server, resetting them to empty. This can lead to denial of service, data loss, or disruption of the Gradio application's functionality. The vulnerability is rated with a CVSS v4.0 vector, although NVD assessment is not yet provided [3].

Mitigation

As of the published information, the vulnerability affects a specific Git commit (98cbcae). Users are advised to update to a patched version of Gradio or apply any available workarounds recommended by the vendor. The vulnerability was reported via the Huntr bug bounty platform, indicating active disclosure [4].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: gradio (PyPI)
Affected versions: >= 4.0.0, <= 5.0.0b2
Patched versions: not listed

Affected products: 3

Patches: 0 (no patches discovered yet)

References: 3
