CVE-2024-48052

MEDIUM

gradio < 4.42.0 - Server-Side Request Forgery via DownloadButton URL Parameter

Title source: llm

Description

In gradio <=4.42.0, the gr.DownloadButton function contains a server-side request forgery (SSRF) vulnerability. The cause is that the save_url_to_cache function places no restrictions on the URL it fetches, so the request can be directed at local target resources. This can lead to the download of local resources and the disclosure of sensitive information.
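The flaw described above is an unrestricted URL fetch. The following is an added example, not gradio's code, of the validation a save_url_to_cache-style function should apply before fetching a user-supplied URL: it rejects non-web schemes and any host that resolves to a loopback, private, link-local or otherwise non-public address. The function name, the hypothetical guard and the sample URLs are my own constructions.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Hypothetical guard (not gradio's code): only plain web schemes may be fetched,
# so file:// and other local-resource schemes are refused before any I/O happens.
ALLOWED_SCHEMES = {"http", "https"}


def _is_public(addr):
    """True only for an address that is not loopback, private, link-local, etc."""
    # IPv4-mapped IPv6 (::ffff:127.0.0.1) must be judged as its IPv4 form;
    # older Python versions otherwise report it as neither loopback nor private.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return not (addr.is_loopback or addr.is_private or addr.is_link_local
                or addr.is_reserved or addr.is_multicast or addr.is_unspecified)


def is_safe_download_url(url: str) -> tuple[bool, str]:
    """Return (ok, reason); ok is False when the URL must not be fetched."""
    parsed = urlparse(url)
    scheme = parsed.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parsed.scheme!r} is not allowed"
    host = parsed.hostname  # drops userinfo and brackets, so user@host forms are judged by host
    if not host:
        return False, "URL has no host"
    try:
        port = parsed.port or (443 if scheme == "https" else 80)
        infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    except (ValueError, socket.gaierror):
        return False, f"host {host!r} is invalid or does not resolve"
    # Every address the name resolves to must be public; one non-public record is enough to refuse.
    for info in infos:
        addr = ipaddress.ip_address(info[4][0].split("%")[0])
        if not _is_public(addr):
            return False, f"host {host!r} resolves to non-public address {addr}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs: the first three point at local resources and are refused.
    for candidate in ("file:///tmp/local.txt", "http://127.0.0.1:7860/file",
                      "http://[::ffff:127.0.0.1]/", "https://1.1.1.1/archive.zip"):
        print(candidate, "->", is_safe_download_url(candidate))
```

Resolving the name here and again inside the HTTP client leaves a DNS rebinding window, so the fetch should connect to the address that passed the check rather than re-resolving the hostname.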

Scores

CVSS v3 6.5
EPSS 0.0013
EPSS Percentile 31.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-918
Status published
Products (2)
gradio_project/gradio < 4.42.0
pypi/gradio (PyPI)
Published Nov 04, 2024
Tracked Since Feb 18, 2026