CVE-2023-51449
published 2023-12-22


Priority: P2 · 58 · high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EXPLOIT
EPSS: 2.28% (81.0th percentile)
Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitrary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with `share=True`, or on Hugging Face Spaces) if they knew the path of files to look for. This issue has been patched in version 4.11.0.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| gaizhenbiao | chuanhuchatgpt | < 20240305 | 20240305 |
| gaizhenbiao | gaizhenbiao_chuanhuchatgpt | >= unspecified < 20240305 | 20240305 |
| gradio_project | gradio | < 4.11.0 | 4.11.0 |
| gradio_project | gradio | < 7ba8c5da45b004edd12c0460be9222f5b5f5f055 | 7ba8c5da45b004edd12c0460be9222f5b5f5f055 |
| gradio_project | gradio | >= 0 < 4.11.0 | 4.11.0 |
| gradio_project | gradio | >= 0 < 1b9d4234d6c25ef250d882c7b90e1f4039ed2d76 | 1b9d4234d6c25ef250d882c7b90e1f4039ed2d76 |

Detection & IOCs (extracted from sources)

url: /file=web_assets/../config.json
path: config.json
url: /upload
url: /file={{download_path}}../../../../../../../../../../../../../../../etc/passwd
command: ..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini
command: ../../../../../../../../../../../../../../../etc/passwd
  • Detect exploitation attempts via the /file= endpoint using path traversal sequences (e.g., ../ or ..\ ) to escape the web_assets directory
  • Alert on HTTP 200 responses from /file= requests containing both '"openai_api_key":' and '"openai_api_type":' in the body with content-type application/json — indicates successful config.json exfiltration
  • Detect the two-stage exploit: a multipart POST to /upload with a sentinel filename, followed by a GET to /file= using the returned path plus traversal sequences
  • Fingerprint Gradio-exposed instances via Shodan/FOFA using the __gradio_mode__ HTML attribute before probing for the vulnerability
  • Flag HTTP responses to /file= traversal requests that return text/plain content-type with body matching 'root:.*:0:0:' (Linux /etc/passwd) or '[fonts]'/'[extensions]'/'[files]' (Windows win.ini)
  • Affected Gradio versions are 4.0–4.10 and all versions below 3.33; prioritize detection on instances running these version ranges
  • The vulnerability is only exploitable when Gradio authentication is NOT enabled; instances with auth configured are not directly affected by this path traversal
  • The chuanhuchatgpt application restricts access to the web_assets folder by design, but the outdated Gradio component undermines this control via path traversal
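
The first and third detection points above can be checked against web server logs. The following is an added example, not part of this entry or of Gradio's code: it flags GET requests to `/file=` whose decoded path contains a `..` segment (including double-encoded and backslash forms) and notes whether the same client previously POSTed to `/upload`. The combined access-log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in combined access-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [05/Mar/2024:10:00:01 +0000] "GET /file=web_assets/logo.png HTTP/1.1" 200 5120
203.0.113.9 - - [05/Mar/2024:10:00:05 +0000] "GET /file=web_assets/../config.json HTTP/1.1" 200 812
198.51.100.4 - - [05/Mar/2024:10:01:10 +0000] "POST /upload HTTP/1.1" 200 64
198.51.100.4 - - [05/Mar/2024:10:01:11 +0000] "GET /file=/tmp/gradio/CONSTRUCTED/..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1432
192.0.2.15 - - [05/Mar/2024:10:02:00 +0000] "GET /file=web_assets/%252e%252e%5Cconfig.json HTTP/1.1" 403 0
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def fully_unquote(s, rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are normalised."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def has_traversal(target):
    """True if a /file= request path contains a '..' segment (either separator)."""
    decoded = fully_unquote(target)
    if "/file=" not in decoded:
        return False
    path = decoded.split("/file=", 1)[1]
    return ".." in re.split(r"[\\/]", path)

def scan(log_text):
    """Return one alert per traversal attempt, in log order."""
    uploaders, alerts = set(), []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        if method == "POST" and target.split("?")[0] == "/upload":
            uploaders.add(ip)  # remember clients that used the upload route
        elif method == "GET" and has_traversal(target):
            alerts.append({"ip": ip, "target": target,
                           "served": status == "200",        # file was returned
                           "after_upload": ip in uploaders})  # two-stage pattern
    return alerts
```

Alerts with `served` set are the ones to triage first, since a 200 response means the requested file was returned.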