CVE-2024-0964

9.4 CRITICAL

📋 TL;DR

CVE-2024-0964 is a critical local file inclusion vulnerability in Gradio that allows remote attackers to read arbitrary files on the server by supplying a crafted JSON value in an API request. All Gradio deployments running a vulnerable version and exposed to untrusted users are affected. Attackers can potentially access sensitive configuration files, credentials, or other system data.

💻 Affected Systems

Products:
  • Gradio
Versions: Versions before 4.19.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All Gradio deployments using vulnerable versions are affected regardless of configuration.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Full server compromise through reading sensitive files like SSH keys, database credentials, or configuration files, leading to lateral movement and data exfiltration.

🟠 Likely Case: Unauthorized access to sensitive files containing API keys, tokens, configuration data, or user information stored on the server.

🟢 If Mitigated: Limited impact with proper input validation and file access restrictions in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted JSON payloads to vulnerable API endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.19.2

Vendor Advisory: https://github.com/gradio-app/gradio/commit/d76bcaaaf0734aaf49a680f94ea9d4d22a602e70

Restart Required: Yes

Instructions:

1. Update Gradio to version 4.19.2 or later using pip: pip install --upgrade "gradio>=4.19.2" (quote the requirement so the shell does not treat >= as an output redirect)
2. Restart all Gradio applications and services
3. Verify the update was successful

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Implement strict input validation to reject JSON payloads containing file path traversal patterns

Network Restriction (applies to: all)

Restrict network access to Gradio applications to trusted IP ranges only

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block requests containing file path traversal patterns
  • Run Gradio applications with minimal file system permissions and in isolated containers

🔍 How to Verify

Check Version:

python -c "import gradio; print(gradio.__version__)"

Check if Vulnerable:

Compare the reported version to 4.19.2; any earlier version is affected.

Verify Fix Applied:

Confirm the version is 4.19.2 or higher and test the API endpoints with malicious payloads to ensure they're rejected

📡 Detection & Monitoring

Log Indicators:

  • Unusual file path patterns in API request logs
  • Multiple failed attempts to access system files
  • Requests containing '../' patterns in JSON payloads

Network Indicators:

  • Unusual spikes in API requests to file-related endpoints
  • Requests with abnormal JSON structures

SIEM Query:

source="gradio_logs" AND ("../" OR "..\\" OR "/etc/" OR "/root/")
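As an added example (not part of this advisory or of the Gradio project), the following script applies the same indicators as the SIEM query above to constructed sample API request log lines, walking nested JSON values and percent-decoding them so that encoded traversal sequences are not missed; the one-JSON-body-per-line log format is an assumption.

```python
import json
import re
from urllib.parse import unquote

# Constructed sample log lines, one JSON request body per line.
# The format is an assumption for this example, not Gradio's own log layout.
SAMPLE_LOGS = [
    '{"path": "/api/predict", "data": ["hello world"]}',
    '{"path": "/api/predict", "data": ["../../etc/passwd"]}',
    '{"path": "/api/predict", "data": [{"name": "..%2F..%2Froot%2F.ssh%2Fid_rsa"}]}',
    '{"path": "/api/predict", "data": ["C:\\\\..\\\\..\\\\windows\\\\win.ini"]}',
    'not json at all',
]

# Same indicators as the SIEM query: "../", "..\", "/etc/", "/root/".
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\|/etc/|/root/)", re.IGNORECASE)

def _string_values(node):
    """Yield every string found anywhere inside a decoded JSON value."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for v in node.values():
            yield from _string_values(v)
    elif isinstance(node, list):
        for v in node:
            yield from _string_values(v)

def find_traversal_indicators(line):
    """Return the suspicious strings in one log line (empty list if clean or not JSON)."""
    try:
        body = json.loads(line)
    except json.JSONDecodeError:
        return []
    hits = []
    for s in _string_values(body):
        # Percent-decode twice so single- and double-encoded sequences both match.
        decoded = unquote(unquote(s))
        if TRAVERSAL_RE.search(decoded):
            hits.append(s)
    return hits

def scan_logs(lines):
    """Map the index of each flagged line to the strings that triggered the match."""
    return {i: hits for i, line in enumerate(lines) if (hits := find_traversal_indicators(line))}

if __name__ == "__main__":
    for idx, hits in scan_logs(SAMPLE_LOGS).items():
        print(f"line {idx}: {hits}")
```

The "/etc/" and "/root/" terms match legitimate paths too, so treat a hit as a triage lead rather than a confirmed attack.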
