CVE-2024-47867

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers to replace the FRP client binary with malicious code during download, as Gradio lacks integrity verification. Users who enable Gradio's sharing feature that downloads the FRP client are affected, potentially compromising their secure data tunneling.

💻 Affected Systems

Products:
  • Gradio
Versions: All versions before the fix
Operating Systems: All
Default Config Vulnerable: ✅ No
Notes: Only affects users who enable Gradio's sharing feature that downloads the FRP client.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could execute arbitrary code on systems running the tampered FRP client, leading to full system compromise, data exfiltration, or lateral movement.

🟠 Likely Case

Attackers could intercept and replace the FRP binary to establish persistent backdoors or steal sensitive data transmitted through the tunnel.

🟢 If Mitigated

With proper integrity checks, a tampered binary is rejected before it is executed, so the malicious code never runs.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires attacker to compromise or control the download source URL.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check the GitHub advisory for specific patched versions

Vendor Advisory: https://github.com/gradio-app/gradio/security/advisories/GHSA-8c87-gvhj-xm8m

Restart Required: Yes

Instructions:

1. Update Gradio to the latest patched version.
2. Restart the Gradio server.
3. Verify that the FRP client download now includes integrity checks.

🔧 Temporary Workarounds

Manual Integrity Verification (applies to: all platforms)

Manually verify the checksum or signature of a downloaded FRP client binary before executing it:

  sha256sum downloaded_frp_binary

Compare the output with a known-good hash from a trusted source.
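As an added illustration of the check this advisory says was missing (example code written here, not Gradio's own code and not the project's fix), the following Python downloads a binary, compares its SHA-256 against a digest pinned in the caller's source, and only then writes the file and sets the executable bit. The URL, fetcher and destination path are constructed placeholders.

```python
import hashlib
import hmac
import os
import stat
import tempfile
from urllib.request import urlopen


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_binary(data: bytes, expected_hex: str) -> bool:
    # expected_hex must be pinned in the installer's own source; fetching it
    # from the same server that serves the binary defeats the check.
    # Constant-time comparison of the two hex digests.
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())


def fetch_bytes(url: str, timeout: int = 30) -> bytes:
    with urlopen(url, timeout=timeout) as resp:
        return resp.read()


def fetch_verified(url: str, expected_hex: str, fetch=fetch_bytes) -> bytes:
    # Vulnerable pattern: write fetch(url) straight to disk and chmod +x it.
    # Hardened pattern: refuse any payload whose digest does not match the pin.
    data = fetch(url)
    if not verify_binary(data, expected_hex):
        raise ValueError(
            f"integrity check failed for {url}: got {sha256_hex(data)}, expected {expected_hex}"
        )
    return data


def install_verified(url: str, expected_hex: str, dest_path: str, fetch=fetch_bytes) -> str:
    data = fetch_verified(url, expected_hex, fetch)
    # Write to a temp file beside the destination and rename atomically, so an
    # unverified or partially written file never sits at dest_path.
    dest_dir = os.path.dirname(os.path.abspath(dest_path))
    fd, tmp = tempfile.mkstemp(dir=dest_dir)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    os.chmod(tmp, stat.S_IRWXU)  # executable bit granted only after verification
    os.replace(tmp, dest_path)
    return dest_path
```

The `fetch` parameter exists so the verification path can be exercised offline with constructed bytes; in production the default `fetch_bytes` performs the real download.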

🧯 If You Can't Patch

  • Disable Gradio's sharing feature that downloads the FRP client.
  • Use alternative secure tunneling solutions with built-in integrity verification.

🔍 How to Verify

Check if Vulnerable:

Check whether your Gradio version predates the patched release and whether FRP client downloads occur without integrity verification.

Check Version:

pip show gradio | grep Version

Verify Fix Applied:

After updating, confirm that FRP client downloads now include checksum or signature validation.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected FRP client download failures or integrity check warnings
  • Unusual network connections from FRP processes

Network Indicators:

  • Suspicious downloads from non-standard URLs for FRP client
  • Anomalous outbound traffic from FRP tunnel

SIEM Query:

Process creation events for frp binaries from unexpected locations or with unusual hashes.
