NiceGUI Exploit

HIGH (7.5)

Threat Intelligence

Medium Risk - Detectable
EPSS Score: 0.46% chance of exploitation (percentile: 63%)
🔍 Detection Tools: OSV.dev
⚔️ Exploit Availability: No public exploits found


What is it?

NiceGUI is a Python-based UI framework used to build graphical user interfaces. This vulnerability allows remote attackers to execute arbitrary code on the server via directory traversal in the App.add_media_files() function, potentially leading to unauthorized access or data theft.
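The advisory names directory traversal in a file-serving function as the root cause. The defensive pattern that closes that class of bug is to confine every requested path to the directory it is meant to be served from before touching the filesystem. The block below is an added example, not NiceGUI's code and not a description of how NiceGUI fixed the issue; `resolve_under_base` and `demo` are names chosen here, and the directory tree and request strings are constructed for illustration.

```python
"""Confining a served file path to its base directory (added example).

This is the generic guard a "serve files from this folder" endpoint needs:
percent-decode once, reject NUL bytes and absolute paths, resolve symlinks
and `..` segments, then verify the result still lies under the base directory.
"""
from pathlib import Path
from urllib.parse import unquote
import os
import tempfile


def resolve_under_base(base_dir: "str | Path", requested: str) -> "Path | None":
    """Return the real path for `requested` if it stays inside `base_dir`, else None.

    The check is done on fully resolved paths, so a symlink inside the base
    directory that points outside it is rejected just like a literal `../`.
    """
    base = Path(base_dir).resolve()
    # Decode exactly once; a framework that has already decoded the URL
    # should skip this step, otherwise %252e-style double encoding slips through.
    decoded = unquote(requested)
    if "\x00" in decoded:          # NUL bytes can truncate paths in C-level APIs
        return None
    if Path(decoded).is_absolute():  # never let the client pick the root
        return None
    candidate = (base / decoded).resolve()
    if not candidate.is_relative_to(base):  # Python 3.9+
        return None
    return candidate


def demo() -> dict:
    """Build a constructed directory tree and exercise the guard.

    Layout (created in a temp dir):
        media/clip.mp4      <- the only file that may be served
        media/escape        <- symlink to ../secret.txt (constructed)
        secret.txt          <- must never be reachable through media/
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        media = root / "media"
        media.mkdir()
        (media / "clip.mp4").write_bytes(b"constructed sample bytes")
        (root / "secret.txt").write_text("outside the media directory")
        os.symlink(root / "secret.txt", media / "escape")

        return {
            "plain_file_allowed":
                resolve_under_base(media, "clip.mp4") == (media / "clip.mp4").resolve(),
            "dotdot_rejected":
                resolve_under_base(media, "../secret.txt") is None,
            "encoded_dotdot_rejected":
                resolve_under_base(media, "%2e%2e/secret.txt") is None,
            "absolute_path_rejected":
                resolve_under_base(media, str(root / "secret.txt")) is None,
            "nul_byte_rejected":
                resolve_under_base(media, "clip.mp4\x00.txt") is None,
            "symlink_escape_rejected":
                resolve_under_base(media, "escape") is None,
        }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ok' if ok else 'FAILED'}")
```

Resolving before comparing is the important detail: a string check for `..` misses percent-encoded forms and symlinks, while `Path.resolve()` followed by `is_relative_to()` evaluates the path the operating system would actually open.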

Am I affected?

You're affected if you run an affected version of NiceGUI. Affected versions: 3.3.1

Affected Packages

pypi: nicegui

How to fix

- Upgrade to NiceGUI version 3.4.0 or later; releases are published on the official GitHub repository: https://github.com/zauberzeug/nicegui/releases
- Alternatively, you can immediately mitigate the issue by restricting network access to your NiceGUI instance (firewall it from the public internet) and auditing admin account activity for suspicious access patterns.