Input validation error in Gradio - CVE-2024-51751
Published: November 6, 2024 / Updated: April 28, 2026
Gradio
Detailed vulnerability description
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to improper input validation in File and UploadButton components when handling crafted file path data in requests. A remote user can send a specially crafted request to disclose sensitive information.
Only applications that use these components to preview or echo uploaded file content are vulnerable.