{"data":{"id":"1718cb40-71de-4556-a6e5-e11a565cae21","title":"CVE-2023-6572: Command Injection in GitHub repository gradio-app/gradio prior to main.","summary":"CVE-2023-6572 is a command injection vulnerability (a security flaw where an attacker can run unauthorized commands) in Gradio (a tool for building AI demos), affecting the gradio-app/gradio repository prior to the fix on its main branch. The vulnerability results from improper handling of special characters, which could allow attackers to execute commands on affected systems.","solution":"A patch is available in the GitHub commit https://github.com/gradio-app/gradio/commit/5b5af1899dd98d63e1f9b48a93601c2db1f56520. Users should update to a main-branch build that includes this commit, or apply the commit directly, to fix the vulnerability.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2023-6572","publishedAt":"2023-12-14T19:15:46.013Z","cveId":"CVE-2023-6572","cweIds":["CWE-77","CWE-77"],"cvssScore":"8.1","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["Gradio"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.02454,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}