{"id":"PYSEC-2024-261","details":"A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.","aliases":["CVE-2024-0964","GHSA-f3h9-8phc-6gvh"],"modified":"2026-06-10T17:01:50.388648277Z","published":"2024-02-05T23:15:08.190Z","references":[{"type":"FIX","url":"https://github.com/gradio-app/gradio/commit/d76bcaaaf0734aaf49a680f94ea9d4d22a602e70"},{"type":"EVIDENCE","url":"https://huntr.com/bounties/25e25501-5918-429c-8541-88832dfd3741"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-f3h9-8phc-6gvh"}],"affected":[{"package":{"name":"gradio","ecosystem":"PyPI","purl":"pkg:pypi/gradio"},"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/gradio/PYSEC-2024-261.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"}]}