Server-side Request Forgery (SSRF) Affecting gradio package, versions [0,]


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    Exploit Maturity
    Proof of concept

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PYTHON-GRADIO-8342716
  • published 5 Nov 2024
  • disclosed 4 Nov 2024
  • credit Aftersnows

How to fix?

There is no fixed version for gradio.

Overview

gradio is a Python library for easily interacting with trained machine learning models

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to no restrictions on the URL, in the save_url_to_cache function. An attacker can access and download local resources and sensitive information.

PoC

from pathlib import Path
import gradio as gr

def upload_file(filepath):
    name = Path(filepath).name
    return [gr.UploadButton(visible=False), gr.DownloadButton(label=f"Download {name}", value=filepath, visible=True)]

def download_file():
    return [gr.UploadButton(visible=True), gr.DownloadButton(visible=False)]

with gr.Blocks() as demo:
    gr.Markdown("First upload a file and and then you'll be able download it (but only once!)")
    with gr.Row():
        u = gr.UploadButton("Upload a file", file_count="single")
        d = gr.DownloadButton("Download the file", visible=False)

    u.upload(upload_file, u, [u, d])
    d.click(download_file, None, [u, d])

if __name__ == "__main__":
    demo.launch()

References

CVSS Scores

version 4.0
version 3.1
Expand this section

Snyk

Recommended
8.8 high
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Attack Requirements (AT)
    None
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Confidentiality (VC)
    High
  • Integrity (VI)
    Low
  • Availability (VA)
    None
  • Confidentiality (SC)
    None
  • Integrity (SI)
    None
  • Availability (SA)
    None