CVE-2024-47166
Published: 10 October 2024
Summary
CVE-2024-47166 is a low-severity Path Traversal (CWE-22) vulnerability in Gradio Project Gradio. Its CVSS base score is 2.3 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique File and Directory Discovery (T1083); ranked at the 48.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Other Platforms; in the Privacy and Disclosure risk domain; MITRE ATLAS techniques in scope: Adversarial AI Attack Implementations (AML.T0016.000), Infer Training Data Membership (AML.T0024.000).
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-0065
Vulnerability details
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **one-level read path traversal** in the `/custom_component` endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the…
more
file path in the request. Although the traversal is limited to a single directory level, it could expose proprietary or sensitive code that developers intended to keep private. This impacts users who have developed custom Gradio components and are hosting them on publicly accessible servers. Users are advised to upgrade to `gradio>=4.44` to address this issue. As a workaround, developers can sanitize the file paths and ensure that components are not stored in publicly accessible directories.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Other Platforms
- Risk Domain
- Privacy and Disclosure
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Gradio is an open-source Python package for quick prototyping of machine learning model web interfaces, commonly used in AI/ML demos and deployments, fitting under 'Other Platforms' as a UI/hosting platform for AI models.
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The one-level path traversal vulnerability in the /custom_component endpoint enables file and directory discovery (T1083) by leaking source code from custom Gradio components and is exploitable remotely via public-facing web applications (T1190).
MITRE ATLAS TechniquesAI
MITRE ATLAS techniques
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.