{"data":{"id":"cb2a4c4e-510e-4f1e-87c0-1945ab4b4a72","title":"CVE-2022-24770: `gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11","summary":"Gradio, a framework for building interactive machine learning demos, has a CSV injection vulnerability (CWE-1236) in versions before 2.8.11: its flagging feature (which saves data to CSV files) can be tricked into storing harmful spreadsheet formulas in the file. If someone opens this CSV file in Excel or a similar spreadsheet program, those formulas may be evaluated and run commands on their computer.","solution":"Update gradio to version 2.8.11 or later, which escapes saved CSV data with single quotes to prevent command execution. As a workaround, avoid opening CSV files generated by gradio with Excel or similar spreadsheet programs.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-24770","publishedAt":"2022-03-17T21:15:08.133Z","cveId":"CVE-2022-24770","cweIds":["CWE-1236"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["Gradio"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00591,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}