Description
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses gr.load() to load an attacker-controlled Space, the malicious proxy_url from the config is trusted and added to the allowlist, enabling the attacker to access internal services, cloud metadata endpoints, and private networks through the victim's infrastructure. Version 6.6.0 fixes the issue.
A flaw was found in Gradio, an open-source Python package for rapid prototyping. A remote attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability by hosting a malicious Gradio Space. When a victim application uses gr.load() to load this attacker-controlled Space, a malicious proxy_url from the configuration is trusted. This allows the attacker to make arbitrary HTTP requests from the victim's server, potentially accessing internal services, cloud metadata endpoints, and private networks through the victim's infrastructure.
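The trust failure described above is easy to see side by side: the loader takes `proxy_url` straight out of a config the remote Space controls and puts it on the allowlist, after which the victim's server will happily relay requests to wherever that URL points. The following is an added, illustrative example (not Gradio's own code, and not the 6.6.0 fix) that models the pre-fix behaviour next to a hardened check. The sample configs, the `TRUSTED_SPACE_SUFFIX` value, and the function names are constructed assumptions for the demonstration.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample configs, not real Space responses: what a benign Space and
# an attacker-controlled Space could hand back to gr.load()-style processing.
SPACE_HOST = "someuser-demo.hf.space"  # assumed host of the loaded Space
BENIGN_CONFIG = {"proxy_url": "https://someuser-demo.hf.space/"}
MALICIOUS_CONFIGS = [
    {"proxy_url": "http://169.254.169.254/latest/meta-data/"},  # cloud metadata endpoint
    {"proxy_url": "http://10.0.0.5:8080/admin"},                  # private network service
    {"proxy_url": "http://localhost:6379/"},                       # loopback service
    {"proxy_url": "file:///etc/passwd"},                           # non-HTTP scheme
    {"proxy_url": "https://attacker.example/hf.space/"},          # lookalike path, wrong host
]

# Assumption for the example: legitimate Spaces are served under this suffix.
TRUSTED_SPACE_SUFFIX = ".hf.space"


def vulnerable_allowlist(config, allowlist):
    """Models the behaviour the advisory describes: proxy_url is trusted verbatim."""
    allowlist.add(config["proxy_url"])
    return allowlist


def _is_public_literal_ip(host):
    """False if host is a literal IP in a loopback/private/link-local/reserved range.
    Hostnames (non-literal) return True here and are checked by suffix instead."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def validate_proxy_url(proxy_url, space_host):
    """Accept proxy_url only if it is http(s), names the Space host itself or a host
    under the trusted suffix, and is not a literal internal/loopback address."""
    if not isinstance(proxy_url, str):
        return False
    parsed = urlparse(proxy_url)
    if parsed.scheme not in ("http", "https"):
        return False
    host = parsed.hostname
    if not host:
        return False
    if host == "localhost" or host.endswith(".localhost"):
        return False
    if not _is_public_literal_ip(host):
        return False
    if host != space_host and not host.endswith(TRUSTED_SPACE_SUFFIX):
        return False
    return True


def hardened_allowlist(config, space_host, allowlist):
    """Only allowlist a proxy_url that passes validate_proxy_url; otherwise refuse to load."""
    url = config.get("proxy_url")
    if not validate_proxy_url(url, space_host):
        raise ValueError(f"refusing untrusted proxy_url from Space config: {url!r}")
    allowlist.add(url)
    return allowlist


def hardened_rejects(config, space_host):
    """Helper for checks: True if the hardened path refuses this config."""
    try:
        hardened_allowlist(config, space_host, set())
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for cfg in MALICIOUS_CONFIGS:
        print(cfg["proxy_url"], "vulnerable->", vulnerable_allowlist(cfg, set()),
              "hardened rejects->", hardened_rejects(cfg, SPACE_HOST))
```

The hardened check deliberately binds `proxy_url` to the host the victim asked to load, rather than only blocklisting address ranges: a blocklist alone still lets an attacker point the proxy at any third party reachable from the server. The check also does not resolve DNS, so a public hostname that resolves to an internal address (DNS rebinding) is not caught here; that residual case is what the network egress filtering in the mitigation section is for.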
Report
This is an IMPORTANT Server-Side Request Forgery (SSRF) vulnerability in Gradio, affecting the ansible-chatbot-service within Red Hat Ansible Services. The flaw allows an attacker to make arbitrary HTTP requests from a victim's server by injecting a malicious proxy_url when the application uses gr.load() to load an attacker-controlled Gradio Space. This could lead to unauthorized access to internal services, cloud metadata, and private networks.
Mitigation
To mitigate this vulnerability, avoid loading Gradio Spaces from untrusted or unverified sources when using gr.load() in applications like the Ansible Chatbot Service. Additionally, implement network egress filtering to restrict outbound connections from systems running Gradio applications, preventing access to internal network resources, cloud metadata endpoints, and private networks.
Additional information
Status:
EPSS:
CVSS3: 8.2 (High)
Related vulnerabilities
Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses `gr.load()` to load an attacker-controlled Space, the malicious `proxy_url` from the config is trusted and added to the allowlist, enabling the attacker to access internal services, cloud metadata endpoints, and private networks through the victim's infrastructure. Version 6.6.0 fixes the issue.
EPSS:
CVSS3: 8.2 (High)