{"data":{"id":"7676008c-dd75-4bdd-8740-370631503850","title":"CVE-2024-12217: A vulnerability in the gradio-app/gradio repository, version git 67e4044, allows for path traversal on Windows OS. The i","summary":"A flaw in the Gradio application (version git 67e4044) on Windows allows attackers to bypass security protections and read files that should be blocked. The vulnerability exploits NTFS Alternate Data Streams (ADS, a Windows feature that lets files have hidden data attached to them) by using special syntax like 'C:/tmp/secret.txt::$DATA' to access blocked files that would normally be restricted.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-12217","publishedAt":"2025-03-20T14:15:27.560Z","cveId":"CVE-2024-12217","cweIds":["CWE-22"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["Gradio"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00133,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}