Description
An SSRF vulnerability exists in gradio-app/gradio due to insufficient validation of user-supplied URLs in the `/proxy` route. Attackers can exploit this vulnerability by manipulating the `self.replica_urls` set through the `X-Direct-Url` header in requests to the `/` and `/config` routes, allowing the addition of arbitrary URLs for proxying. This flaw enables unauthorized proxying of requests and potential access to internal endpoints within the Hugging Face space. The issue arises from the application's inadequate checking of safe URLs in the `build_proxy_request` function.
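The following is an added illustration of the control the description says was missing: a proxy route must only forward to hosts the server already trusts, and a client-supplied header must never be able to grow that trusted set. It is not Gradio's code and does not reproduce the project's fix; the function names, the `TRUSTED_REPLICAS` allowlist and the sample URLs are assumptions constructed for the example.

```python
"""Allowlist validation for proxy targets (added example, not Gradio's code).

Models the two halves of the weakness described above: a replica set that is
extended from a request header without validation, next to a hardened version
that only accepts pre-registered https hosts.
"""
from urllib.parse import urlsplit

# Constructed allowlist standing in for the hosts the server itself knows about.
# In a real deployment this would come from server-side configuration, never
# from anything in the incoming request.
TRUSTED_REPLICAS = frozenset({
    "space-replica-1.example.test",
    "space-replica-2.example.test",
})


def is_safe_proxy_target(url, trusted_hosts=TRUSTED_REPLICAS):
    """Return True only for an https URL whose host is in the allowlist.

    Rejects bare hostnames (no scheme), non-https schemes, URLs carrying
    userinfo (the 'https://trusted@other' shape that fools naive prefix
    checks), and any host that was not pre-registered server-side.
    """
    try:
        parts = urlsplit(url)
    except ValueError:          # e.g. malformed IPv6 literal
        return False
    if parts.scheme != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False
    host = parts.hostname      # already lower-cased by urlsplit
    if not host:
        return False
    return host in trusted_hosts


def register_replica_unchecked(replica_urls, header_value):
    """The flawed pattern in miniature: whatever the header says is trusted.

    Any value that reaches this function becomes a valid proxy destination,
    which is exactly how a client-controlled header turns into SSRF.
    """
    if header_value:
        replica_urls.add(header_value)
        return True
    return False


def register_replica_checked(replica_urls, header_value):
    """Hardened variant: the header is only a hint; the allowlist decides."""
    if not header_value or not is_safe_proxy_target(header_value):
        return False
    replica_urls.add(header_value)
    return True


def resolve_proxy_target(replica_urls, requested):
    """Return the URL the proxy may forward to, or None to refuse.

    Membership in the (validated) replica set is required, and the target is
    re-checked against the allowlist so a stale or mis-populated set cannot
    widen what the proxy reaches.
    """
    if requested in replica_urls and is_safe_proxy_target(requested):
        return requested
    return None


if __name__ == "__main__":
    replicas = set()
    print(register_replica_checked(replicas, "https://internal.example.test/"))
    print(register_replica_checked(replicas, "https://space-replica-2.example.test/"))
    print(resolve_proxy_target(replicas, "https://space-replica-2.example.test/"))
```

The design choice worth noting is that `resolve_proxy_target` re-validates even members of the set: the allowlist, not the mutable set, is the trust anchor, so the set is only ever a cache of already-validated values.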
References (2)
Core References
Exploit, Third Party Advisory: https://huntr.com/bounties/2286c1ed-b889-45d6-adda-7014ea06d98e
Scores
CVSS v3: 6.5
EPSS: 0.0013
EPSS Percentile: 32.1%
Attack Vector: NETWORK
CVSS v3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-918
Status: published
Products (2)
gradio_project/gradio: 3.47.1 - 4.18.0
pypi/gradio: 0 - 4.18.0 (PyPI)
Published: Mar 27, 2024
Tracked Since: Feb 18, 2026