Gradio Arbitrary File Copy Vulnerability in Flagging Feature Allowing Denial-of-Service

Vulnerability

An arbitrary file copy vulnerability has been identified in Gradio versions prior to 5.31.0, within the flagging feature. This vulnerability allows unauthenticated attackers to copy any readable file from the server's filesystem. While the copied files cannot be read by the attackers, this vulnerability can be exploited to cause a denial-of-service by copying large files, such as /dev/urandom, to fill up disk space. The issue arises because the flagging component does not properly validate file paths before initiating the copy, enabling unauthorized file access.

Impact

Exploitation of this vulnerability could lead to unauthorized file copying, with potential denial-of-service consequences by filling up server disk space with large files.

Reproduction

The vulnerability can be reproduced by sending a JSON payload to the '/gradio_api/run/predict' endpoint. The 'path' field in the 'FileData' object can be manipulated to reference any file on the server that the Gradio process can read. Once the payload is processed, the specified file is copied into Gradio's flagged directory.

Remediation

Users are advised to update Gradio to version 5.31.0 or later, where this vulnerability has been patched.
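As an added illustration, not Gradio's own code and not the fix shipped in 5.31.0, the kind of check the advisory says the flagging component lacked: a submitted path must resolve inside a directory the application controls and must be a regular file of bounded size before anything is copied into the flagged directory. The names safe_flag_copy, resolve_within and MAX_FLAG_BYTES are assumptions, and demo() runs the check against constructed inputs only.

```python
import os
import shutil
import stat
import tempfile
from pathlib import Path

# Hypothetical hardening; not Gradio's code and not the actual 5.31.0 patch.
MAX_FLAG_BYTES = 50 * 1024 * 1024  # assumed cap on one flagged copy

class UnsafeFlagPath(ValueError):
    """Raised when a submitted path must not be copied."""

def resolve_within(base: Path, candidate: str) -> Path:
    """Resolve candidate (symlinks followed) and require it to lie under base."""
    base_r = base.resolve()
    target = (base_r / candidate).resolve()  # an absolute candidate replaces base_r
    try:
        target.relative_to(base_r)
    except ValueError:
        raise UnsafeFlagPath(f"path escapes allowed directory: {candidate}")
    return target

def safe_flag_copy(allowed_dir: Path, flagged_dir: Path, submitted: str) -> Path:
    """Copy only a regular, size-bounded file from inside allowed_dir. Device
    nodes report st_size 0, so the size cap alone is not enough; S_ISREG is."""
    src = resolve_within(allowed_dir, submitted)
    st = os.stat(src)
    if not stat.S_ISREG(st.st_mode):
        raise UnsafeFlagPath(f"not a regular file: {submitted}")
    if st.st_size > MAX_FLAG_BYTES:
        raise UnsafeFlagPath(f"file exceeds {MAX_FLAG_BYTES} bytes: {submitted}")
    flagged_dir.mkdir(parents=True, exist_ok=True)
    dest = flagged_dir / src.name
    shutil.copyfile(src, dest)
    return dest

def demo() -> dict:
    # Constructed scenario: one legitimate upload plus two hostile 'path' values.
    with tempfile.TemporaryDirectory() as tmp:
        uploads, flagged = Path(tmp) / "uploads", Path(tmp) / "flagged"
        uploads.mkdir()
        (uploads / "ok.txt").write_text("legit upload")
        cases = {"legit": "ok.txt", "traversal": "../../../../etc/hostname", "device": "/dev/urandom"}
        results = {}
        for label, submitted in cases.items():
            try:
                safe_flag_copy(uploads, flagged, submitted)
                results[label] = "copied"
            except (UnsafeFlagPath, OSError):
                results[label] = "rejected"
        return results
```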

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 2.5
exploitability: 9.1
remediation: 7.7
relevance: 0.1
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.