Bug 1212123 (CVE-2023-34239)

Summary: VUL-0: CVE-2023-34239: gradio: Make the `/file` and `/proxy` routes more secure
Product: [openSUSE] openSUSE Distribution
Reporter: Gianluca Gabrielli <gianluca.gabrielli>
Component: Other
Assignee: Wolfgang Engel <wolfgang.engel>
Status: NEW ---
QA Contact: E-mail List <qa-bugs>
Severity: Normal
Priority: P3 - Medium
CC: security-team
Version: Leap 15.4
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Gianluca Gabrielli 2023-06-08 06:23:24 UTC
There are two separate security vulnerabilities here: (1) a security vulnerability that allows users to read arbitrary files on the machines that are running shared Gradio apps; (2) the ability of users to use machines that are sharing Gradio apps to proxy arbitrary URLs.

References:
https://github.com/gradio-app/gradio/security/advisories/GHSA-3qqg-pgqq-3695
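The two weaknesses named in the description, a file-serving route that does not confine requests to the files it is meant to serve and a proxy route that forwards to any URL, share one defensive pattern: canonicalize the request and check it against an explicit allowlist before acting on it. The following is an added illustration of that pattern written for this bug entry; it is not Gradio's code and does not reflect how the upstream fix is implemented. The function names `is_path_allowed` and `is_proxy_target_allowed`, the root directory and the host allowlist are all constructed for the example.

```python
"""Allowlist checks for a file-serving route and a proxy route (illustrative, not Gradio's code)."""
from pathlib import Path
from urllib.parse import urlparse


def is_path_allowed(requested: str, allowed_roots: list[str]) -> bool:
    """Return True only if `requested` resolves to a file inside one of `allowed_roots`.

    Path.resolve() collapses '..' segments and follows symlinks, so a link planted
    inside an allowed root that points outside it is rejected as well.  The check
    compares path components, not string prefixes, so '/srv/app_other/x' is not
    mistaken for being under '/srv/app'.
    """
    try:
        candidate = Path(requested).resolve()
    except (OSError, RuntimeError):  # e.g. symlink loops
        return False
    for root in allowed_roots:
        root_path = Path(root).resolve()
        # A file is "inside" the root if the root is one of its parent directories.
        if candidate != root_path and root_path in candidate.parents:
            return True
    return False


def is_proxy_target_allowed(url: str, allowed_hosts: set[str]) -> bool:
    """Return True only if `url` is an http(s) URL whose host is on the allowlist.

    Besides the host check this rejects non-web schemes (file:, gopher:, ...) and
    URLs carrying userinfo, because 'https://good.example@other.example/' parses
    with hostname 'other.example' and is a classic way to fool a naive prefix test.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False
    if parsed.username is not None or parsed.password is not None:
        return False
    host = (parsed.hostname or "").lower()
    return host in {h.lower() for h in allowed_hosts}


if __name__ == "__main__":
    # Constructed sample values; the directory need not exist for resolve() to work.
    roots = ["/tmp/demo_app_files"]
    hosts = {"huggingface.co"}
    print(is_path_allowed("/tmp/demo_app_files/output.png", roots))          # True
    print(is_path_allowed("/tmp/demo_app_files/../../etc/passwd", roots))    # False
    print(is_proxy_target_allowed("https://huggingface.co/models", hosts))  # True
    print(is_proxy_target_allowed("file:///etc/passwd", hosts))             # False
```

In a real deployment the allowed roots would be the directories the application itself writes generated files to, and the proxy allowlist would be limited to the hosts the feature actually needs; anything outside those sets is answered with an error rather than served or fetched.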