CVE-2024-47167 Information

Nov 01, 2024 cve

Description

Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to Server-Side Request Forgery (SSRF) in the /queue/join endpoint. Gradio’s async_save_url_to_cache function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This could enable attackers to target internal servers or services within a local network and possibly exfiltrate data or cause unwanted internal requests. Additionally the content from these URLs is stored locally making it easier for attackers to upload potentially malicious files to the server. This impacts users deploying Gradio servers that use components like the Video component which involve URL fetching. Users are advised to upgrade to gradio>=5 to address this issue. As a workaround users can disable or heavily restrict URL-based inputs in their Gradio applications to trusted domains only. Additionally implementing stricter URL validation (such as allowinglist-based validation) and ensuring that local or internal network addresses cannot be requested via the /queue/join endpoint can help mitigate the risk of SSRF attacks.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://github.com/gradio-app/gradio/security/advisories/GHSA-576c-3j53-r9jj Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to Server-Side Request Forgery (SSRF) in the /queue/join endpoint. Gradio’s async_save_url_to_cache function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This could enable attackers to target internal servers or services within a local network and possibly exfiltrate data or cause unwanted internal requests. Additionally the content from these URLs is stored locally making it easier for attackers to upload potentially malicious files to the server. This impacts users deploying Gradio servers that use components like the Video component which involve URL fetching. Users are advised to upgrade to gradio>=5 to address this issue.

As a workaround users can disable or heavily restrict URL-based inputs in their Gradio applications to trusted domains only. Additionally implementing stricter URL validation (such as allowinglist-based validation) and ensuring that local or internal network addresses cannot be requested via the /queue/join endpoint can help mitigate the risk of SSRF attacks.

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8

Share on: