CVE-2023-51449
published 2023-12-22CVE-2023-51449: Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python…
PriorityP258high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
2.28%
81.0th percentile
Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with `share=True`, or on Hugging Face Spaces) if they knew the path of files to look for. This issue has been patched in version 4.11.0.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gaizhenbiao | chuanhuchatgpt | < 20240305 | 20240305 |
| gaizhenbiao | gaizhenbiao_chuanhuchatgpt | >= unspecified < 20240305 | 20240305 |
| gradio_project | gradio | < 4.11.0 | 4.11.0 |
| gradio_project | gradio | < 7ba8c5da45b004edd12c0460be9222f5b5f5f055 | 7ba8c5da45b004edd12c0460be9222f5b5f5f055 |
| gradio_project | gradio | >= 0 < 4.11.0 | 4.11.0 |
| gradio_project | gradio | >= 0 < 1b9d4234d6c25ef250d882c7b90e1f4039ed2d76 | 1b9d4234d6c25ef250d882c7b90e1f4039ed2d76 |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect exploitation attempts via the /file= endpoint using path traversal sequences (e.g., ../ or ..\ ) to escape the web_assets directory ↗
- →Alert on HTTP 200 responses from /file= requests containing both '"openai_api_key":' and '"openai_api_type":' in the body with content-type application/json — indicates successful config.json exfiltration ↗
- →Detect the two-stage exploit: a multipart POST to /upload with a sentinel filename, followed by a GET to /file= using the returned path plus traversal sequences ↗
- →Fingerprint Gradio-exposed instances via Shodan/FOFA using the __gradio_mode__ HTML attribute before probing for the vulnerability ↗
- →Flag HTTP responses to /file= traversal requests that return text/plain content-type with body matching 'root:.*:0:0:' (Linux /etc/passwd) or '[fonts]'/'[extensions]'/'[files]' (Windows win.ini) ↗
- →Affected Gradio versions are 4.0–4.10 and all versions below 3.33; prioritize detection on instances running these version ranges ↗
- ·The vulnerability is only exploitable when Gradio authentication is NOT enabled; instances with auth configured are not directly affected by this path traversal ↗
- ·The chuanhuchatgpt application restricts access to the web_assets folder by design, but the outdated Gradio component undermines this control via path traversal ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8q7w-vr6v-q7r2: The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component
ghsa_unreviewed·2024-06-06·CVSS 5.6
CVE-2024-3234 [MEDIUM] CWE-22 GHSA-8q7w-vr6v-q7r2: The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component
The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the `web_assets` folder. However, the outdated version of gradio it employs is susceptible to path traversal, as identified in CVE-2023-51449. This vulnerability allows unauthorized users to bypass the intended restrictions and access sensitive files, such as `config.json`, which contains API keys. The issue affects the latest version of chuanhuchatgpt prior to the fixed version released on 20240305.
OSV
CVE-2023-51449: Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbita
osv·2023-12-22
CVE-2023-51449 CVE-2023-51449: Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbita
Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with `share=True`, or on Hugging Face Spaces) if they knew the path of files to look for. This issue has been patched in version 4.11.0.
GHSA
Gradio makes the `/file` secure against file traversal and server-side request forgery attacks
ghsa·2023-12-21
CVE-2023-51449 [HIGH] CWE-22 Gradio makes the `/file` secure against file traversal and server-side request forgery attacks
Gradio makes the `/file` secure against file traversal and server-side request forgery attacks
Older versions of `gradio` contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with `share=True`, or on Hugging Face Spaces) if they knew the path of files to look for.
This was not possible through regular URLs passed into a browser, but it was possible through the use of programmatic tools such as `curl` with the `--pass-as-is` flag.
Furthermore, the `/file` route in Gradio apps also contained a vulnerability that made it possible to use it for SSRF attacks.
Both of these vulnerabilities have been fixed in `gradi
OSV
Gradio makes the `/file` secure against file traversal and server-side request forgery attacks
osv·2023-12-21
CVE-2023-51449 [HIGH] Gradio makes the `/file` secure against file traversal and server-side request forgery attacks
Gradio makes the `/file` secure against file traversal and server-side request forgery attacks
Older versions of `gradio` contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with `share=True`, or on Hugging Face Spaces) if they knew the path of files to look for.
This was not possible through regular URLs passed into a browser, but it was possible through the use of programmatic tools such as `curl` with the `--pass-as-is` flag.
Furthermore, the `/file` route in Gradio apps also contained a vulnerability that made it possible to use it for SSRF attacks.
Both of these vulnerabilities have been fixed in `gradi
No detection rules found.
Nuclei
Chuanhu Chat - Directory Traversal
nuclei·CVSS 7.5
CVE-2024-3234 [HIGH] Chuanhu Chat - Directory Traversal
Chuanhu Chat - Directory Traversal
The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the `web_assets` folder. However, the outdated version of gradio it employs is susceptible to path traversal, as identified in CVE-2023-51449. This vulnerability allows unauthorized users to bypass the intended restrictions and access sensitive files, such as `config.json`, which contains API keys. The issue affects the latest version of chuanhuchatgpt prior to the fixed version released on 20240305.
Template:
id: CVE-2024-3234
info:
name: Chuanhu Chat - Directory Traversal
author: DhiyaneshDk
severity: critical
description: |
The gaizhenbiao/chuanhuc
Nuclei
Gradio Hugging Face - Local File Inclusion
nuclei·CVSS 7.5
CVE-2023-51449 [HIGH] Gradio Hugging Face - Local File Inclusion
Gradio Hugging Face - Local File Inclusion
Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works against Gradio < 3.33
Template:
id: CVE-2023-51449
info:
name: Gradio Hugging Face - Local File Inclusion
author: nvn1729
severity: high
description: |
Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works against Gradio < 3.33
impact: |
Unauthenticated attackers can read arbitrary files from the server when authentication is not enabled, potentially exposing sensitive configuration files and credentials.
remediation: |
Upgrade Gradio to version 3.33 or later (for Gradio < 3.x) or to version 4.11 or later (for Gradio 4.x).
reference:
- https://www.horizon3.ai/attack-research/disclosures/exploiting-file-read-vulnerabilities-in-gradio-to-steal-sec
No writeups or analysis indexed.
https://github.com/gradio-app/gradio/commit/1b9d4234d6c25ef250d882c7b90e1f4039ed2d76https://github.com/gradio-app/gradio/commit/7ba8c5da45b004edd12c0460be9222f5b5f5f055https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2https://github.com/gradio-app/gradio/commit/1b9d4234d6c25ef250d882c7b90e1f4039ed2d76https://github.com/gradio-app/gradio/commit/7ba8c5da45b004edd12c0460be9222f5b5f5f055https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2
2023-12-22
Published