CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47167 – SSRF in the path parameter of /queue/join in Gradio
https://notcve.org/view.php?id=CVE-2024-47167
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to **Server-Side Request Forgery (SSRF)** in the `/queue/join` endpoint. Gradio’s `async_save_url_to_cache` function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This could enable attackers to target internal servers or services within a local network and possibly exfiltrate data or cause unwanted internal requests. Additionally, the content from these URLs is stored locally, making it easier for attackers to upload potentially malicious files to the server. • https://github.com/gradio-app/gradio/security/advisories/GHSA-576c-3j53-r9jj • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 2.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47168 – The `enable_monitoring` flag set to `False` does not disable monitoring in Gradio
https://notcve.org/view.php?id=CVE-2024-47168
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves data exposure due to the enable_monitoring flag not properly disabling monitoring when set to False. Even when monitoring is supposedly disabled, an attacker or unauthorized user can still access the monitoring dashboard by directly requesting the /monitoring endpoint. This means that sensitive application analytics may still be exposed, particularly in environments where monitoring is expected to be disabled. Users who set enable_monitoring=False to prevent unauthorized access to monitoring data are impacted. • https://github.com/gradio-app/gradio/security/advisories/GHSA-hm3c-93pg-4cxw • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 0CVE-2023-51449 – Make the `/file` secure against file traversal attacks
https://notcve.org/view.php?id=CVE-2023-51449
Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with `share=True`, or on Hugging Face Spaces) if they knew the path of files to look for. This issue has been patched in version 4.11.0. Gradio es un paquete Python de código abierto que le permite crear rápidamente una demostración o una aplicación web para su modelo de aprendizaje automático, API o cualquier función arbitraria de Python. Las versiones de `gradio` anteriores a la 4.11.0 contenían una vulnerabilidad en la ruta `/file` que las hacía susceptibles a ataques transversales de archivos en los que un atacante podía acceder a archivos arbitrarios en una máquina que ejecutaba una aplicación Gradio con una URL pública (por ejemplo, si la demostración se creó con `share=True`, o en Hugging Face Spaces) si conocían la ruta de los archivos a buscar. • https://github.com/gradio-app/gradio/commit/1b9d4234d6c25ef250d882c7b90e1f4039ed2d76 https://github.com/gradio-app/gradio/commit/7ba8c5da45b004edd12c0460be9222f5b5f5f055 https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6572 – Command Injection in gradio-app/gradio
https://notcve.org/view.php?id=CVE-2023-6572
Command Injection in GitHub repository gradio-app/gradio prior to main. Exposición de información confidencial a un actor no autorizado en el repositorio de GitHub gradio-app/gradio antes de main. • https://github.com/gradio-app/gradio/commit/5b5af1899dd98d63e1f9b48a93601c2db1f56520 https://huntr.com/bounties/21d2ff0c-d43a-4afd-bb4d-049ee8da5b5c • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34239 – Unfiltered paths in gradio
https://notcve.org/view.php?id=CVE-2023-34239
Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally Gradio does not properly restrict the what URLs are proxied. These issues have been addressed in version 3.34.0. Users are advised to upgrade. • https://github.com/gradio-app/gradio/pull/4370 https://github.com/gradio-app/gradio/pull/4406 https://github.com/gradio-app/gradio/security/advisories/GHSA-3qqg-pgqq-3695 • CWE-20: Improper Input Validation •