CVE-2021-43831
Published: 2021-12-15
Priority: P3 · 54 · Severity: high · CVSS 3.1 base score: 7.7
Vector: AV:N / AC:L / PR:L / UI:N / S:C / C:H / I:N / A:N
Exploit: EPSS 3.79% (88.6th percentile)
Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is a vulnerability that affects anyone who creates and publicly shares Gradio interfaces. File paths are not restricted and users who receive a Gradio link can access any files on the host computer if they know the file names or file paths. This is limited only by the host operating system. Paths are opened in read only mode. The problem has been patched in gradio 2.5.0.
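The pattern behind this class of bug, shown here as an added illustration rather than Gradio's own code or the 2.5.0 patch: a file-serving handler that joins the user-supplied path onto the directory it is meant to serve, next to a hardened version that canonicalises the result and refuses anything resolving outside that directory. The sandbox directory, file names and contents are constructed for the demo, and the function names (`open_file_unsafe`, `resolve_served_path`, `open_file_safe`, `run_demo`) are chosen here.

```python
import os
import tempfile


def open_file_unsafe(base_dir: str, user_path: str) -> bytes:
    """Illustrative vulnerable pattern (not Gradio's code): the user-supplied
    path is joined onto the served directory and opened as-is. A "../"
    segment walks out of base_dir, and os.path.join discards base_dir
    altogether when user_path is absolute."""
    with open(os.path.join(base_dir, user_path), "rb") as fh:
        return fh.read()


def resolve_served_path(base_dir: str, user_path: str) -> str:
    """Hardened resolution (assumed design, not the 2.5.0 patch itself):
    canonicalise both sides with realpath, which collapses ".." and follows
    symlinks, then insist the target is still inside base_dir. Anything else
    raises PermissionError before the file is touched."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    try:
        inside = os.path.commonpath([base, target]) == base
    except ValueError:  # e.g. different drives on Windows
        inside = False
    if not inside:
        raise PermissionError(f"refusing path outside served directory: {user_path!r}")
    return target


def open_file_safe(base_dir: str, user_path: str) -> bytes:
    with open(resolve_served_path(base_dir, user_path), "rb") as fh:
        return fh.read()


def run_demo() -> dict:
    """Constructed sandbox: a served directory holding one public file, a
    secret file one level above it, and (where the OS permits) a symlink from
    inside the served directory to that secret. Returns the outcome of each
    access attempt against both handlers."""
    root = tempfile.mkdtemp()
    served = os.path.join(root, "served")
    os.mkdir(served)
    with open(os.path.join(served, "demo.txt"), "wb") as fh:
        fh.write(b"public")
    secret = os.path.join(root, "secret.txt")
    with open(secret, "wb") as fh:
        fh.write(b"root:x:0:0:")  # stands in for /etc/passwd
    try:
        os.symlink(secret, os.path.join(served, "link"))
        have_symlink = True
    except (OSError, NotImplementedError):
        have_symlink = False

    def attempt(handler, user_path):
        try:
            return handler(served, user_path)
        except PermissionError:
            return "BLOCKED"
        except FileNotFoundError:
            return "MISSING"

    results = {
        "unsafe_demo": attempt(open_file_unsafe, "demo.txt"),
        "unsafe_traversal": attempt(open_file_unsafe, "../secret.txt"),
        "unsafe_absolute": attempt(open_file_unsafe, secret),
        "safe_demo": attempt(open_file_safe, "demo.txt"),
        "safe_traversal": attempt(open_file_safe, "../secret.txt"),
        "safe_absolute": attempt(open_file_safe, secret),
    }
    if have_symlink:
        results["safe_symlink"] = attempt(open_file_safe, "link")
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name:18} {outcome!r}")
```

The check is on the canonical path, not on the request string: stripping `../` from the input would still let an absolute path through (because `os.path.join` drops the base when the second argument is absolute) and would do nothing about a symlink that already points outside the served directory, while `realpath` plus `commonpath` rejects both.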
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gradio-app | gradio | < 2.5.0 | 2.5.0 |
| gradio_project | gradio | < 2.5.0 | 2.5.0 |
| gradio_project | gradio | >= 0 < 2.5.0 | 2.5.0 |
| gradio_project | gradio | >= 0 < 41bd3645bdb616e1248b2167ca83636a2653f781 | 41bd3645bdb616e1248b2167ca83636a2653f781 |
Detection & IOCs (extracted from sources)
url: {{BaseURL}}/file/../../../../../../../../../../../../../../../../../..{{path}}
path: /etc/passwd
path: /windows/win.ini
- Look for HTTP GET requests to paths matching /file/../../../../../../../../../../../../../../../../../../<filename>; the traversal pattern uses the /file/ endpoint as the entry point for path traversal.
- The Shodan query title:"Gradio" can be used to identify exposed Gradio instances potentially vulnerable to this LFI.
- A successful exploit against a Linux host returns content matching root:.*:0:0: (i.e., /etc/passwd contents); against a Windows host the response contains [fonts], [extensions], or [files] from win.ini.
- The vulnerability is limited to Gradio versions prior to 2.5.0; any Gradio instance running < 2.5.0 and publicly exposed is a candidate for exploitation.
- File access is read-only; the vulnerability does not allow write or execution, only arbitrary file read.
- The scope of accessible files is bounded only by the host OS permissions; an attacker must know or guess file names/paths to exploit this.
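A detector for the indicators above, added here as an example and not a rule shipped by any of the sources on this page: it parses combined-format access-log lines, percent-decodes the request target until the value stops changing so single- and double-encoded `../` are both caught, flags `/file/` requests whose path contains a `..` segment or names an absolute path, and classifies a response body using the /etc/passwd and win.ini markers from the list. The lines in `SAMPLE_LOG` are constructed for the demo; the function names are chosen here.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in combined log format (not from a real
# host): two successful probes, one double-encoded probe that was refused, and
# two benign requests.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Dec/2021:10:01:02 +0000] "GET /file/../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1" 200 1432 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Dec/2021:10:01:05 +0000] "GET /file/..%2f..%2f..%2f..%2fwindows/win.ini HTTP/1.1" 200 403 "-" "Mozilla/5.0"
198.51.100.4 - - [15/Dec/2021:10:02:11 +0000] "HEAD /file/%252e%252e/%252e%252e/etc/shadow HTTP/1.1" 403 0 "-" "curl/7.79.1"
192.0.2.9 - - [15/Dec/2021:10:03:30 +0000] "GET /file/outputs/result.png HTTP/1.1" 200 52100 "-" "Mozilla/5.0"
192.0.2.9 - - [15/Dec/2021:10:03:31 +0000] "POST /api/predict/ HTTP/1.1" 200 88 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

LINUX_MARKER = re.compile(r"root:.*:0:0:")
WINDOWS_MARKERS = ("[fonts]", "[extensions]", "[files]")


def normalise_target(target: str) -> str:
    """Strip the query string, percent-decode until the value stops changing
    (bounded, so %252e%252e and %2e%2e both become ..), and fold backslashes
    to forward slashes."""
    path = target.split("?", 1)[0]
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def is_gradio_file_traversal(target: str) -> bool:
    """True when the request hits the /file/ endpoint with a path that climbs
    out of it (a '..' segment) or names an absolute path outright."""
    path = normalise_target(target)
    if not path.startswith("/file/"):
        return False
    rest = path[len("/file/"):]
    return rest.startswith("/") or any(seg == ".." for seg in rest.split("/"))


def scan_access_log(text: str) -> list:
    """Return one alert per suspicious request. 'served' is True when the
    server answered 200 with a non-empty body, i.e. the read likely succeeded."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_gradio_file_traversal(m["target"]):
            continue
        alerts.append({
            "src": m["src"],
            "ts": m["ts"],
            "method": m["method"],
            "path": normalise_target(m["target"]),
            "status": int(m["status"]),
            "served": m["status"] == "200" and m["size"] not in ("0", "-"),
        })
    return alerts


def body_confirms_read(body: str):
    """Classify a response body using the markers from the indicator list:
    'linux' for an /etc/passwd root entry, 'windows' for win.ini section
    headers, None otherwise."""
    if LINUX_MARKER.search(body):
        return "linux"
    lowered = body.lower()
    if any(marker in lowered for marker in WINDOWS_MARKERS):
        return "windows"
    return None


if __name__ == "__main__":
    for alert in scan_access_log(SAMPLE_LOG):
        print(alert)
    print(body_confirms_read("root:x:0:0:root:/root:/bin/bash\n"))
```

The indicator above names GET; the detector records the method in the alert instead of filtering on it, so a HEAD or POST probe to the same path is still surfaced. Matching on the decoded path rather than the literal `../../` string is what keeps the encoded variants from slipping past.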
CVSS provenance
NVD v3.1: 7.7 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
NVD v2.0: 3.5 LOW, AV:N/AC:M/Au:S/C:P/I:N/A:N
GHSA
ghsa · 2022-01-21 (the same advisory is mirrored by OSV, 2022-01-21)
CVE-2021-43831 [CRITICAL] CWE-22: Files on the host computer can be accessed from the Gradio interface
### Impact
This is a vulnerability that affects anyone who creates and publicly shares Gradio interfaces using `gradio<2.5.0`.
OSV
osv · 2021-12-15
CVE-2021-43831: Gradio is an open source framework for building interactive machine learning models and demos
Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is a vulnerability that affects anyone who creates and publicly shares Gradio interfaces. File paths are not restricted and users who receive a Gradio link can access any files on the host computer if they know the file names or file paths. This is limited only by the host operating system. Paths are opened in read only mode. The problem has been patched in gradio 2.5.0.
No detection rules found.
Nuclei
nuclei · CVSS 7.7
CVE-2021-43831 [HIGH] Gradio < 2.5.0 - Arbitrary File Read
Files on the host computer can be accessed from the Gradio interface
Template:

```yaml
id: CVE-2021-43831

info:
  name: Gradio < 2.5.0 - Arbitrary File Read
  author: isacaya
  severity: high
  description: |
    Files on the host computer can be accessed from the Gradio interface
  impact: |
    An attacker would be able to view the contents of a file on the computer.
  remediation: |
    Update to version 2.5.0.
  reference:
    - https://github.com/gradio-app/gradio/security/advisories/GHSA-rhq2-3vr9-6mcr
    - https://github.com/gradio-app/gradio/commit/41bd3645bdb616e1248b2167ca83636a2653f781
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
    cvss-score: 7.7
    cve-id: CVE-2021-43831
    cwe-id: CWE-22
    epss-score: 0.30342
    epss-percentile: 0.96697
    cpe: cpe:2.3:a:gradio_
```
References:
- https://github.com/gradio-app/gradio/security/advisories/GHSA-rhq2-3vr9-6mcr
- https://github.com/gradio-app/gradio/commit/41bd3645bdb616e1248b2167ca83636a2653f781

Published: 2021-12-15