cbcvebase.
CVE-2024-1728
published 2024-04-10


Priority: P2 · 75 · high · CVSS 3.1 base score: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 85.39% (99.7th percentile)
gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in the request to the `/queue/join` endpoint. This issue could potentially lead to remote code execution. The vulnerability is present in the handling of file upload paths, allowing attackers to redirect file uploads to unintended locations on the server.

Affected

3 ranges
Vendor | Product | Version range | Fixed in
gradio-app | gradio-app_gradio | >= unspecified, < 4.19.2 | 4.19.2
gradio_project | gradio | >= 0, < 4.19.2 | 4.19.2
gradio_project | gradio | >= 4.18.0, < 4.19.2 | 4.19.2

Detection & IOCs (extracted from sources)

url: /queue/join
path: /etc/passwd
path: /windows/win.ini
path: /tmp/gradio/[^/]+/passwd
command: POST /queue/join HTTP/1.1 Content-Type: application/json {"data":[{"path":"{{path}}","url":"{{BaseURL}}/file=/help","orig_name":"CHANGELOG.md","size":3549,"mime_type":"text/markdown"}],"event_data":null,"fn_index":0,"trigger_id":2,"session_hash":"{{randstr}}"}
url: /queue/data?session_hash={{randstr}}
url: /file={{extracted_path}}
yara: regex: root:[^:]:0:0:
  • Exploit targets the `/queue/join` POST endpoint with a crafted JSON payload where the `path` field contains an absolute filesystem path (e.g., `/etc/passwd`) to trigger path traversal via the UploadButton component.
  • After posting to `/queue/join`, the attacker polls `/queue/data?session_hash=<hash>` to retrieve the server-side path where the traversed file was written, then fetches it via `/file=<extracted_path>`.
  • Traversed files are staged under `/tmp/gradio/<random>/passwd` on Linux targets; monitor for unexpected reads of sensitive files in that directory.
  • Shodan fingerprint `html:"__gradio_mode__"` can be used to identify internet-exposed Gradio instances for proactive scanning.
  • Successful exploitation is confirmed by an HTTP 200 response containing `root:[^:]:0:0:` (Linux /etc/passwd) or `[(font|extension|file)s]` (Windows win.ini) in the body of the `/file=` response.
  • The vulnerability affects Gradio versions up to and including 4.19.1; the `orig_name` field in the exploit payload is set to `CHANGELOG.md` as a decoy filename.
  • The path traversal payload must be delivered as a JSON body with `Content-Type: application/json`; the `path` key accepts raw absolute filesystem paths without sanitisation in affected versions.
  • Exploitation is a multi-step process (POST to /queue/join → GET /queue/data → GET /file=); single-request detections will miss the full attack chain.
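Because the chain spans three requests, a detection has to correlate them rather than match one URL. The following added example (not from this page or the Gradio project) walks a constructed web-server access log and flags clients that complete the join → data → file= sequence within a time window and then fetch a staged file with a sensitive-looking name; the combined log format, the IP addresses and the session hashes are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Apr/2024:12:00:01 +0000] "POST /queue/join HTTP/1.1" 200 64
203.0.113.7 - - [10/Apr/2024:12:00:02 +0000] "GET /queue/data?session_hash=abc123 HTTP/1.1" 200 512
203.0.113.7 - - [10/Apr/2024:12:00:03 +0000] "GET /file=/tmp/gradio/9f1c2e/passwd HTTP/1.1" 200 1834
198.51.100.4 - - [10/Apr/2024:12:05:00 +0000] "POST /queue/join HTTP/1.1" 200 64
198.51.100.4 - - [10/Apr/2024:12:05:01 +0000] "GET /queue/data?session_hash=def456 HTTP/1.1" 200 512
198.51.100.4 - - [10/Apr/2024:12:05:02 +0000] "GET /file=/tmp/gradio/1a2b3c/cat.png HTTP/1.1" 200 90211
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Basenames of files the page's IOCs show being staged (passwd, win.ini) plus a few
# other commonly targeted names; extend to local policy.
SENSITIVE = ("passwd", "win.ini", "id_rsa", "id_ed25519", ".env")

def parse(log_text):
    """Yield one dict per parseable access-log line, with ts as a datetime."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield {**m.groupdict(), "ts": datetime.strptime(m["ts"], TS_FMT)}

def find_lfi_chains(log_text, window=timedelta(seconds=60)):
    """Return (client_ip, fetched_path) for each client that, within `window` of a
    POST /queue/join, polls /queue/data?session_hash= and then successfully GETs
    /file=<path> where the basename is a sensitive file name."""
    by_ip = defaultdict(list)
    for ev in parse(log_text):
        by_ip[ev["ip"]].append(ev)  # request bodies are not logged, so correlate by client
    hits = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        for i, ev in enumerate(evs):
            if not (ev["method"] == "POST" and ev["path"].startswith("/queue/join")):
                continue
            saw_data = False  # must see the /queue/data poll before the /file= fetch
            for e in (x for x in evs[i + 1:] if x["ts"] - ev["ts"] <= window):
                if e["path"].startswith("/queue/data?session_hash="):
                    saw_data = True
                elif saw_data and e["path"].startswith("/file=") and e["status"] == "200":
                    fetched = e["path"][len("/file="):]
                    if fetched.rsplit("/", 1)[-1] in SENSITIVE:
                        hits.append((ip, fetched))
    return hits
```

Run it over real logs by passing the file contents to `find_lfi_chains`; a lone `/file=` fetch of a staged `passwd` without the preceding two requests is still worth an alert, but this function deliberately reports only the full chain.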

CVSS provenance

nvd v3.1: 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd v3.0: 7.5 HIGH CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ghsa: 7.5 HIGH
osv: 7.5 HIGH