Lucene search

GitHub Advisory DatabaseGHSA-QH6X-J82H-VPF9

HistoryApr 16, 2024 - 12:30 a.m.

gradio Server-Side Request Forgery vulnerability

2024-04-1600:30:32

CWE-601

GitHub Advisory Database

github.com

ssrf

vulnerability

gradio

repository

get request

internal network

open ports

manipulation

'file' parameter

'location' header

'file not allowed' error

software

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

32.6%

JSON

An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the ‘file’ parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a ‘Location’ header or a ‘File not allowed’ error in the response.

Affected configurations

Vulners

Node

gradio_projectgradioRange<4.10.0python

VendorProductVersionCPE
gradio_projectgradio*cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*

Vendor	Product	Version	CPE
gradio_project	gradio	*	cpe:2.3:a:gradio_project:gradio::::::python::*

References

github.com/advisories/GHSA-qh6x-j82h-vpf9

github.com/gradio-app/gradio/commit/2ad3d9e7ec6c8eeea59774265b44f11df7394bb4

github.com/gradio-app/gradio/commit/7ba8c5da45b004edd12c0460be9222f5b5f5f055

huntr.com/bounties/103434f9-87d2-42ea-9907-194a3c25007c

nvd.nist.gov/vuln/detail/CVE-2024-1183

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

32.6%

JSON

Related for GHSA-QH6X-J82H-VPF9