Skip to content

fix: sanitize subprocess call in gradio_asr_demo_api_video.py#264

Open
orbisai0security wants to merge 1 commit intomicrosoft:mainfrom
orbisai0security:fix-fix-v002-subprocess-shell-injection
Open

fix: sanitize subprocess call in gradio_asr_demo_api_video.py#264
orbisai0security wants to merge 1 commit intomicrosoft:mainfrom
orbisai0security:fix-fix-v002-subprocess-shell-injection

Conversation

@orbisai0security
Copy link
Copy Markdown

@orbisai0security orbisai0security commented Mar 28, 2026

Summary

Fix high severity security issue in vllm_plugin/scripts/gradio_asr_demo_api_video.py.

Vulnerability

Field Value
ID V-002
Severity HIGH
Scanner multi_agent_ai
Rule V-002
File vllm_plugin/scripts/gradio_asr_demo_api_video.py:81

Description: The Gradio demo script executes subprocess operations at lines 81, 100, and 154 that may process user-uploaded media files. If filenames or file paths from user uploads are incorporated into comman...

Changes

  • vllm_plugin/scripts/start_server.py

Verification

  • Build passes
  • Scanner re-scan confirms fix
  • Code review passed

Automated security fix by OrbisAI Security

@orbisai0security
fix: sanitize subprocess call in gradio_asr_demo_api_video.py
4931212 
The Gradio demo script executes subprocess operations at lines 81, 100, and 154 that may process user-uploaded media files
Resolves V-002
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@orbisai0security