7.3
CVE-2024-2206
- EPSS 0.42%
- Veröffentlicht 27.03.2024 01:15:46
- Zuletzt bearbeitet 29.07.2025 20:24:44
- Quelle security@huntr.dev
- CVE-Watchlists
- Unerledigt
SSRF Vulnerability in gradio-app/gradio
An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the `/proxy` route. Attackers can exploit this vulnerability by manipulating the `self.replica_urls` set through the `X-Direct-Url` header in requests to the `/` and `/config` routes, allowing the addition of arbitrary URLs for proxying. This flaw enables unauthorized proxying of requests and potential access to internal endpoints within the Hugging Face space. The issue arises from the application's inadequate checking of safe URLs in the `build_proxy_request` function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gradio Project ≫ Gradio SwPlatformpython Version >= 3.47.1 < 4.18.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.42% | 0.335 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
| security@huntr.dev | 7.3 | 3.9 | 3.4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
https://github.com/gradio-app/gradio/commit/49d9c48537aa706bf72628e3640389470138bdc6
https://huntr.com/bounties/2286c1ed-b889-45d6-adda-7014ea06d98e