Merge pull request #38 from inkz:inkz/CVE-2023-51449

PiperOrigin-RevId: 620373848 Change-Id: Iff3b09b549d92ada5c65ba6ad5bf643357719bb8
google · Mar 30, 2024 · 695d579 · 695d579
2 parents 4ad1d26 + 9f7f7cf
commit 695d579
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 0 deletions.
diff --git a/gradio/CVE-2023-51449/README.md b/gradio/CVE-2023-51449/README.md
@@ -0,0 +1,19 @@
+# Gradio CVE-2023-51449
+
+## Vulnerable setup
+
+```bash
+docker build -t gradio:vuln -f vulnerable.Dockerfile .
+docker run --name gradio-vuln -p 8000:8000 -d gradio:vuln
+```
+
+Application will be available at `localhost:8000`
+
+## Non-vulnerable setup
+
+```bash
+docker build -t gradio:novuln -f non-vulnerable.Dockerfile .
+docker run --name gradio-novuln -p 8000:8000 -d gradio:novuln
+```
+
+Application will be available at `localhost:8000`
diff --git a/gradio/CVE-2023-51449/non-vulnerable.Dockerfile b/gradio/CVE-2023-51449/non-vulnerable.Dockerfile
@@ -0,0 +1,9 @@
+FROM python:3.9-slim
+
+RUN python -m pip install gradio==4.11.0
+
+ADD test_app.py /workspace/
+
+EXPOSE 8000
+
+CMD [ "python3" , "/workspace/test_app.py" ]
diff --git a/gradio/CVE-2023-51449/test_app.py b/gradio/CVE-2023-51449/test_app.py
@@ -0,0 +1,13 @@
+import gradio as gr
+
+def greet(name, intensity):
+    return "Hello, " + name + "!" * int(intensity)
+
+demo = gr.Interface(
+    fn=greet,
+    inputs=["text", "slider"],
+    outputs=["text"],
+)
+
+if __name__ == "__main__":
+    demo.launch(server_name="0.0.0.0", server_port=8000)
diff --git a/gradio/CVE-2023-51449/vulnerable.Dockerfile b/gradio/CVE-2023-51449/vulnerable.Dockerfile
@@ -0,0 +1,9 @@
+FROM python:3.9-slim
+
+RUN python -m pip install gradio==4.10.0
+
+ADD test_app.py /workspace/
+
+EXPOSE 8000
+
+CMD [ "python3" , "/workspace/test_app.py" ]