CVE-2024-1183

MEDIUM NUCLEI

Gradio < 4.11.0 - Open Redirect

Title source: rule

Description

An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.

Nuclei Templates (1)

Gradio - Server Side Request Forgery

MEDIUMVERIFIEDby DhiyaneshDK

Shodan: html:"__gradio_mode__"

References (2)

[Patch] https://github.com/gradio-app/gradio/commit/2ad3d9e7ec6c8eeea59774265b44f11df7394bb4

View Patch ZIP pw:eip

[Exploit, Third Party Advisory] https://huntr.com/bounties/103434f9-87d2-42ea-9907-194a3c25007c

Scores

CVSS v3 6.5

EPSS 0.5505

EPSS Percentile 98.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE

CWE-601

Status published

Products (2)

gradio_project/gradio 3.41.0 - 4.11.0

pypi/gradio 0 - 4.10.0PyPI

Published Apr 16, 2024

Tracked Since Feb 18, 2026