Exploit for Gradio > 4.19.1 UploadButton - Path Traversal (CVE-2024-1728)

Description:

gradio-app/gradio has a local file inclusion vulnerability caused by improper validation of user-supplied input in the UploadButton component.

Nuclei Template

View the template here: CVE-2024-1728.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-1728.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-1728
https://github.com/gradio-app/gradio/commit/16fbe9cd0cffa9f2a824a0165beb43446114eec7
https://huntr.com/bounties/9bb33b71-7995-425d-91cc-2c2a2f2a068a