Vulnerability Description
An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the `/proxy` route. Attackers can exploit this vulnerability by manipulating the `self.replica_urls` set through the `X-Direct-Url` header in requests to the `/` and `/config` routes, allowing the addition of arbitrary URLs for proxying. This flaw enables unauthorized proxying of requests and potential access to internal endpoints within the Hugging Face space. The issue arises from the application's inadequate checking of safe URLs in the `build_proxy_request` function.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gradio Project | Gradio | >= 3.47.1, < 4.18.0 |
Related Weaknesses (CWE)
References
- https://github.com/gradio-app/gradio/commit/49d9c48537aa706bf72628e3640389470138Patch
- https://huntr.com/bounties/2286c1ed-b889-45d6-adda-7014ea06d98eExploitThird Party Advisory
- https://github.com/gradio-app/gradio/commit/49d9c48537aa706bf72628e3640389470138Patch
- https://huntr.com/bounties/2286c1ed-b889-45d6-adda-7014ea06d98eExploitThird Party Advisory
FAQ
What is CVE-2024-2206?
CVE-2024-2206 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the `/proxy` route. Attackers can exploit this vulnerability by manipulating the `self.rep...
How severe is CVE-2024-2206?
CVE-2024-2206 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-2206?
Check the references section above for vendor advisories and patch information. Affected products include: Gradio Project Gradio.