CVE-2024-1561

2024-04-1600:15:08

CWE-29

@huntr_ai

web.nvd.nist.gov

gradio

file read access

vulnerability

remote attack

sensitive information

huggingface.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

Low

EPSS

0.001

Percentile

32.9%

JSON

An issue was discovered in gradio-app/gradio, where the /component_server endpoint improperly allows the invocation of any method on a Component class with attacker-controlled arguments. Specifically, by exploiting the move_resource_to_block_cache() method of the Block class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access, posing a significant risk especially when the application is exposed to the internet via launch(share=True), thereby allowing remote attackers to read files on the host machine. Furthermore, gradio apps hosted on huggingface.co are also affected, potentially leading to the exposure of sensitive information such as API keys and credentials stored in environment variables.

Affected configurations

Vulners

Vulnrichment

Node

gradio-appgradio-app\/gradioMatch4.13.0

VendorProductVersionCPE
gradio-appgradio-app\/gradio4.13.0cpe:2.3:a:gradio-app:gradio-app\/gradio:4.13.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gradio-app	gradio-app\/gradio	4.13.0	cpe:2.3:a:gradio-app:gradio-app\/gradio:4.13.0:::::::*

CNA Affected

[
  {
    "vendor": "gradio-app",
    "product": "gradio-app/gradio",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "4.13.0",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]