Server-Side Request Forgery (SSRF) in gradio-app/gradio
CVE-2024-4325

8.6HIGH

Key Information:

Vendor: Gradio-app
Status: Gradio-app/gradio
Vendor: CVE Published:; 6 June 2024

What is CVE-2024-4325?

A Server-Side Request Forgery (SSRF) vulnerability has been identified in Gradio version 4.21.0, specifically within the '/queue/join' endpoint and the 'save_url_to_cache' function. This vulnerability occurs due to improper validation of user-supplied path values, which are intended to be URLs. Attackers can exploit this flaw to send specially crafted HTTP requests, potentially gaining unauthorized access to sensitive internal networks or compromising the security of AWS metadata endpoints. As a result, internal servers' security may be put at risk, making it essential for users to implement stringent validation mechanisms to mitigate such vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

gradio-app/gradio <= unspecified

References

https://huntr.com/bounties/b34f084b-7d14-4f00-bc10-048a3a...

EPSS Score

47% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jun 6, 2024
Vulnerability Reserved
Apr 29, 2024

JSON

Gradio-app

What is CVE-2024-4325?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.