CVE-2024-2206
7.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the /proxy route. Attackers can exploit this vulnerability by manipulating the self.replica_urls set through the X-Direct-Url header in requests to the / and /config routes, allowing the addition of arbitrary URLs for proxying. This flaw enables unauthorized proxying of requests and potential access to internal endpoints within the Hugging Face space. The issue arises from the application's inadequate checking of safe URLs in the build_proxy_request function.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| gradio-app | gradio-app/gradio | unspecified < 4.18 | affected |
Weaknesses
- CWE-918: CWE-918 Server-Side Request Forgery (SSRF)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
- https://huntr.com/bounties/2286c1ed-b889-45d6-adda-7014ea06d98e
- https://github.com/gradio-app/gradio/commit/49d9c48537aa706bf72628e3640389470138bdc6
References
- https://huntr.com/bounties/2286c1ed-b889-45d6-adda-7014ea06d98e
- https://github.com/gradio-app/gradio/commit/49d9c48537aa706bf72628e3640389470138bdc6
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.