Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to **Server-Side Request Forgery (SSRF)** in the `/queue/join` endpoint. Gradio’s `async_save_url_to_cache` function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This could enable attackers to target internal servers or services within a local network and possibly exfiltrate data or cause unwanted internal requests. Additionally, the content from these URLs is stored locally, making it easier for attackers to upload potentially malicious files to the server. This impacts users deploying Gradio servers that use components like the Video component which involve URL fetching. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can disable or heavily restrict URL-based inputs in their Gradio applications to trusted domains only. Additionally, implementing stricter URL validation (such as allowinglist-based validation) and ensuring that local or internal network addresses cannot be requested via the `/queue/join` endpoint can help mitigate the risk of SSRF attacks.
References
Link | Resource |
---|---|
https://github.com/gradio-app/gradio/security/advisories/GHSA-576c-3j53-r9jj | Third Party Advisory |
Configurations
History
17 Oct 2024, 16:53
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:* | |
First Time |
Gradio Project
Gradio Project gradio |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | () https://github.com/gradio-app/gradio/security/advisories/GHSA-576c-3j53-r9jj - Third Party Advisory |
15 Oct 2024, 12:58
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
10 Oct 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-10 22:15
Updated : 2024-10-17 16:53
NVD link : CVE-2024-47167
Mitre link : CVE-2024-47167
CVE.ORG link : CVE-2024-47167
JSON object : View
Products Affected
gradio_project
- gradio
CWE
CWE-918
Server-Side Request Forgery (SSRF)