Gradio is the fastest way to demo your machine learning model with a friendly web interface so that anyone can use it.
- Description: Gradio < 4.3.0 is vulnerable to an LFI in the
/component_serverAPI endpoint. - Impact: This vulnerability allows an attacker to read files off the filesystem remotely.
The vulnerabilities and associated exploits provided in this repository are for educational and ethical security testing purposes only.
Contributions to improve the exploits or documentation are welcome. Please follow the contributing guidelines outlined in the repository.
All exploits and templates in this repository are released under the Apache 2.0 License.