CVE-2024-47167

9.8 CRITICAL

📋 TL;DR

This Server-Side Request Forgery (SSRF) vulnerability in Gradio allows attackers to force the server to make HTTP requests to arbitrary URLs, potentially accessing internal network resources or uploading malicious files. It affects users deploying Gradio servers with URL-fetching components like Video. The vulnerability is critical with a CVSS score of 9.8.

💻 Affected Systems

Products:
  • Gradio
Versions: All versions before 5.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects deployments using components that involve URL fetching (like Video component).

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access sensitive internal services, exfiltrate data, upload malicious files to the server, and potentially pivot to other internal systems.

🟠 Likely Case

Unauthorized access to internal HTTP services, data exfiltration from internal endpoints, and potential file uploads to the Gradio server.

🟢 If Mitigated

With proper URL validation and restrictions in place, server-side fetches are limited to allowed external domains.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires access to the /queue/join endpoint with URL parameters.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: gradio>=5.0

Vendor Advisory: https://github.com/gradio-app/gradio/security/advisories/GHSA-576c-3j53-r9jj

Restart Required: Yes

Instructions:

1. Check current Gradio version: pip show gradio
2. Upgrade (quote the requirement so the shell does not treat `>` as a redirect): pip install --upgrade "gradio>=5.0"
3. Restart all Gradio applications

🔧 Temporary Workarounds

Restrict URL-based inputs (applies to: all)

Disable or heavily restrict URL-based inputs so that only trusted domains are accepted in Gradio applications.

Implement URL validation (applies to: all)

Add allowlist-based URL validation to block requests to internal or local addresses.
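As an added illustration of the allowlist workaround above (example code written for this page, not Gradio's own validation), a check a deployment could run before handing a user-supplied URL to a URL-fetching component such as Video. The ALLOWED_HOSTS set and the injectable resolver are assumptions made for the example.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Hypothetical allowlist for this deployment: only these hosts may be fetched from.
ALLOWED_HOSTS = {"media.example.com", "cdn.example.org"}


def resolve_host(host):
    """Return every address the hostname resolves to (A and AAAA records)."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def is_safe_fetch_url(url, allowed_hosts=ALLOWED_HOSTS, resolve=resolve_host):
    """Return True only if the server may fetch this URL on a user's behalf.

    Rejects non-http(s) schemes, URLs with embedded credentials, hosts not on
    the allowlist, and any allowlisted host that resolves to a non-public
    address (private, loopback, link-local such as 169.254.169.254, reserved).
    The resolver is a parameter so the check can be unit-tested offline.
    """
    try:
        parts = urlparse(url)
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False
    if parts.username is not None or parts.password is not None:
        return False  # "https://allowed.host@10.0.0.5/" style confusion
    host = parts.hostname
    if not host or host.lower() not in allowed_hosts:
        return False
    try:
        addrs = resolve(host)
    except (OSError, ValueError):  # socket.gaierror is an OSError
        return False
    if not addrs:
        return False
    for addr in addrs:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return False
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped  # ::ffff:10.0.0.5 must be judged as 10.0.0.5
        if not ip.is_global:
            return False
    return True
```

Because the hostname is resolved again when the fetch happens, a host that changes its DNS answer between check and fetch (rebinding) could still slip through; the fetch should connect to the address that passed this check rather than re-resolving.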

🧯 If You Can't Patch

  • Disable all URL-fetching components in Gradio applications
  • Implement network segmentation to isolate Gradio servers from internal networks

🔍 How to Verify

Check if Vulnerable:

Check if Gradio version is below 5.0: pip show gradio | grep Version

Check Version:

pip show gradio | grep Version

Verify Fix Applied:

Confirm version is 5.0 or higher: pip show gradio | grep Version

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests from Gradio server to internal IPs
  • Requests to /queue/join endpoint with URL parameters

Network Indicators:

  • Outbound HTTP requests from Gradio server to unexpected destinations
  • Requests to internal network ranges from Gradio server

SIEM Query:

source="gradio" AND (dest_ip IN [10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16] OR uri_path="/queue/join")

🔗 References
