Cyber Resilience

CVE-2024-1540

High · Public PoC · RCE

Published: 27 March 2024

Modified: 30 July 2025
CVSS Score (v3.1): 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
EPSS Score: 0.0053 (67.5th percentile)
Risk Priority: 17 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-1540 is a high-severity Command Injection (CWE-77) vulnerability in Gradio, from the Gradio Project. Its CVSS base score is 8.2 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Poisoned Pipeline Execution (T1677). The CVE ranks in the top 32.5% of CVEs by exploit likelihood (EPSS), is not currently listed in the CISA KEV catalog, and has a referenced public proof-of-concept.

This vulnerability is AI-related: it is categorised under Machine Learning Libraries, falls in the Supply Chain and Deployment risk domain, and maps to the MITRE ATLAS technique AI Supply Chain Compromise (AML.T0010).

Vulnerability details

A command injection vulnerability exists in the deploy+test-visual.yml workflow of the gradio-app/gradio repository, due to improper neutralization of special elements used in a command. This vulnerability allows attackers to execute unauthorized commands, potentially leading to unauthorized modification of the base repository or secrets exfiltration. The issue arises from the unsafe handling of GitHub context information within a `run` operation, where expressions inside `${{ }}` are evaluated and substituted before script execution. Remediation involves setting untrusted input values to intermediate environment variables to prevent direct influence on script generation.
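As an added example (not from the advisory or the Gradio project), a small Python check for the workflow pattern described above: it pulls the script text of every `run:` step out of a workflow file and flags `${{ }}` expressions that read contexts an outside contributor controls, such as a pull request title or head branch name. The context list, `find_injections`, and the two workflow fragments are constructed for this illustration; the fixed fragment shows the remediation the advisory describes, passing the value through an environment variable so it never becomes part of the generated script.

```python
import re

UNTRUSTED_PREFIXES = (  # contexts GitHub documents as attacker-controllable
    "github.event.issue.", "github.event.pull_request.title", "github.event.pull_request.body",
    "github.event.pull_request.head.", "github.event.comment.", "github.head_ref")
EXPR_RE = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")     # ${{ expression }}
RUN_RE = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")  # a run: key, optionally a list item

def _run_blocks(workflow: str) -> list[tuple[int, str]]:
    """Return (line_no, script) for every run: step, joining YAML block scalars."""
    lines, blocks, i = workflow.splitlines(), [], 0
    while i < len(lines):
        m = RUN_RE.match(lines[i])
        if not m:
            i += 1
            continue
        key_indent = len(m.group(1)) + len(m.group(2) or "")
        line_no, value = i + 1, m.group(3).strip()
        i += 1
        if value in ("|", ">", "|-", ">-"):  # block scalar: gather the indented body
            body = []
            while i < len(lines) and (not lines[i].strip()
                    or len(lines[i]) - len(lines[i].lstrip()) > key_indent):
                body.append(lines[i])
                i += 1
            value = "\n".join(body)
        blocks.append((line_no, value))
    return blocks

def find_injections(workflow: str) -> list[tuple[int, str]]:
    """Flag ${{ }} expressions inside run: scripts that read untrusted contexts;
    the runner substitutes them into the script text before the shell parses it."""
    return [(n, e) for n, s in _run_blocks(workflow)
            for e in EXPR_RE.findall(s) if e.startswith(UNTRUSTED_PREFIXES)]

# Constructed fragments: the vulnerable shape and the remediation the advisory describes.
VULNERABLE = """\
steps:
  - run: |
      echo "Testing ${{ github.event.pull_request.title }}"
"""
FIXED = """\
steps:
  - env:
      PR_TITLE: ${{ github.event.pull_request.title }}
    run: |
      echo "Testing $PR_TITLE"
"""
```

Running `find_injections` over `VULNERABLE` reports the expression on line 2, while `FIXED` produces no findings because the expression now sits under `env:` and the script only references the shell variable.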

AI Security Analysis

AI Category: Machine Learning Libraries
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Gradio is an open-source Python library for building web-based interfaces for machine learning models, commonly used for demos and inference serving, making it a machine learning library affected in its repository workflows.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1677 Poisoned Pipeline Execution (tactic: Execution)
Adversaries may manipulate continuous integration / continuous development (CI/CD) processes by injecting malicious code into the build process.
T1195.002 Compromise Software Supply Chain (tactic: Initial Access)
Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise.
Why these techniques?

Command injection in the GitHub Actions workflow (deploy+test-visual.yml) enables poisoned pipeline execution (T1677) by letting arbitrary commands run inside the CI job, which facilitates repository modification and secrets exfiltration, consistent with software supply chain compromise (T1195.002).

MITRE ATLAS Techniques

AML.T0010: AI Supply Chain Compromise

Affected Assets

Vendor: gradio project
Product: gradio
Affected versions: ≤ 2024-02-09

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.