CVE-2023-51449: 
Gradio vulnerability analysis and mitigation

Gradio, an open-source Python package for building machine learning model demos and web applications, contained a path traversal vulnerability (CVE-2023-51449) in versions prior to 4.11.0. The vulnerability was present in the /file route, which made applications susceptible to file traversal attacks where an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g., if the demo was created with share=True, or on Hugging Face Spaces) (GitHub Advisory).

The vulnerability exists in the file endpoint's path validation mechanism. The check to prevent path traversal was flawed as it didn't properly account for subdirectories inside the temp folder. Attackers could use the upload endpoint to first create a subdirectory within the temp directory, and then traverse out from that subdirectory to read arbitrary files using the '../' or '%2e%2e%2f' sequence. The vulnerability has a CVSS v3.1 base score of 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) according to NVD's assessment (Horizon3).

The vulnerability allows unauthorized users to bypass the intended restrictions and access arbitrary files on the system running the Gradio application. In a Hugging Face space environment, attackers could exploit this vulnerability to access secrets stored in environment variables by reading the /proc/self/environ pseudo-file (Horizon3).

The vulnerability has been patched in Gradio version 4.11.0. Users are strongly recommended to upgrade to this version or later. The fix includes improved path validation mechanisms to prevent file traversal attacks (GitHub Commit).