CVE-2024-4325

8.6 HIGH

📋 TL;DR

A Server-Side Request Forgery (SSRF) vulnerability in gradio-app/gradio version 4.21.0 allows attackers to make unauthorized HTTP requests from the vulnerable server. This could lead to access to internal network resources or AWS metadata endpoints. Any system running the affected gradio version with the vulnerable endpoint exposed is at risk.

💻 Affected Systems

Products:
  • gradio-app/gradio
Versions: 4.21.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where the /queue/join endpoint is accessible and the save_url_to_cache function is used.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of internal servers, AWS instance takeover via metadata endpoint, and lateral movement within the network.

🟠 Likely Case

Unauthorized data exfiltration from internal services, reconnaissance of internal network topology, and potential credential theft.

🟢 If Mitigated

Limited impact with proper network segmentation and request filtering in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending crafted requests to the vulnerable endpoint with malicious URL parameters.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.22.0 or later

Vendor Advisory: https://huntr.com/bounties/b34f084b-7d14-4f00-bc10-048a3a5aaf88

Restart Required: Yes

Instructions:

1. Update gradio to version 4.22.0 or later using pip (the version specifier must be quoted, otherwise the shell treats `>=` as an output redirection): pip install --upgrade "gradio>=4.22.0"
2. Restart the gradio application
3. Verify the update with: pip show gradio

🔧 Temporary Workarounds

Network Segmentation (linux)

Restrict outbound network access from the gradio server to only necessary destinations.

# These two rules drop all outbound HTTP/HTTPS from the host, including the pip upgrade itself.
# Add ACCEPT rules for the destinations the server legitimately needs (package mirrors, model hubs)
# ahead of them, e.g. with `iptables -I OUTPUT ...`, before applying the DROP rules.
iptables -A OUTPUT -p tcp --dport 80 -j DROP
iptables -A OUTPUT -p tcp --dport 443 -j DROP

Endpoint Restriction (all platforms)

Block access to the vulnerable /queue/join endpoint using web application firewall or reverse proxy rules.

nginx: location ~ ^/queue/join { deny all; }
apache: <Location "/queue/join"> Require all denied </Location>

🧯 If You Can't Patch

  • Implement strict input validation to reject non-whitelisted URLs in the path parameter
  • Deploy network-level controls to block requests to internal IP ranges and AWS metadata endpoints
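As an added example, not gradio's own code and not the fix shipped in 4.22.0, this is the allowlist-plus-address validation the two workarounds above describe, written in Python (gradio's language) so it can vet a URL before it reaches a fetch-and-cache routine. ALLOWED_HOSTS, the injectable resolve hook and every host name below are assumptions for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed allowlist of hosts the URL cache may fetch from (illustrative values).
ALLOWED_HOSTS = {"huggingface.co", "cdn.example.com"}


def _resolve(hostname):
    """Every address the host resolves to (A and AAAA), via the system resolver."""
    return {i[4][0] for i in socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)}


def is_blocked_address(addr):
    """True for anything an SSRF sink must never reach: loopback, RFC 1918, link-local
    (covers 169.254.169.254), CGNAT, documentation ranges, multicast, or not an IP at all."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True
    # Judge IPv4-mapped IPv6 (::ffff:169.254.169.254) by its embedded IPv4 form.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return ip.is_multicast or not ip.is_global


def is_safe_fetch_url(url, resolve=_resolve, allowed_hosts=ALLOWED_HOSTS):
    """Accept only http(s) URLs whose host is allowlisted (any host if allowed_hosts is
    None) and whose every resolved address is globally routable. Re-run on each redirect."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    if parts.username is not None or parts.password is not None:
        return False  # user@host forms invite parser confusion; refuse them outright
    host = parts.hostname.lower()
    if allowed_hosts is not None and host not in allowed_hosts:
        return False
    try:
        ipaddress.ip_address(host)
        addrs = {host}  # literal IP: nothing to resolve
    except ValueError:
        try:
            addrs = resolve(host)
        except OSError:  # socket.gaierror is an OSError subclass
            return False
    return bool(addrs) and not any(is_blocked_address(a) for a in addrs)
```

The address check matters even with an allowlist: an allowed name that resolves (or later re-resolves) to an internal address is still refused, and the same function must be applied to the target of every redirect.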

🔍 How to Verify

Check if Vulnerable:

Check if gradio version is 4.21.0 and the /queue/join endpoint accepts URL parameters without validation.

Check Version:

pip show gradio | grep Version

Verify Fix Applied:

Confirm gradio version is 4.22.0 or later and test that SSRF attempts to internal addresses are blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests to /queue/join with URL parameters
  • Outbound connections to internal IPs or AWS metadata from gradio process

Network Indicators:

  • HTTP traffic from gradio server to 169.254.169.254 (AWS metadata)
  • Requests to internal network ranges from external-facing server

SIEM Query:

source="gradio" AND (url="/queue/join" OR dest_ip=169.254.169.254 OR dest_ip IN [10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16])
