CVE-2024-8021

6.1 MEDIUM

📋 TL;DR

An open redirect vulnerability in gradio-app/gradio allows attackers to send users to malicious websites by URL-encoding the redirect target. It affects all users of vulnerable gradio versions who interact with the application. An attacker exploits it by sending a crafted request that triggers a 302 redirect to an attacker-controlled site.

💻 Affected Systems

Products:
  • gradio-app/gradio
Versions: Latest version prior to fix (specific version numbers not provided in CVE)
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using vulnerable gradio versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Users are redirected to phishing sites that steal credentials or deliver malware, leading to account compromise or system infection.

🟠 Likely Case: Users are redirected to phishing or scam websites, potentially resulting in credential theft or financial loss.

🟢 If Mitigated: Redirects are validated and restricted to trusted domains only, preventing malicious redirections.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending crafted requests but no authentication or special privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check gradio repository for latest patched version

Vendor Advisory: https://huntr.com/bounties/adc23067-ec04-47ef-9265-afd452071888

Restart Required: Yes

Instructions:

1. Update gradio to the latest patched version
2. Restart the application/service
3. Verify the fix is applied

🔧 Temporary Workarounds

Input Validation Filter (all)

  • Implement server-side validation to reject or sanitize redirect URLs containing encoded characters
  • Implement custom middleware to validate redirect URLs before processing

Redirect Whitelist (all)

  • Restrict redirects to predefined trusted domains only
  • Configure the application to allow redirects only to an approved domain list
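As an added example (not gradio's own code), a standalone redirect-target validator in the spirit of the two workarounds above: it percent-decodes until stable, normalizes backslashes, and allows only same-site paths or http(s) URLs to an assumed allow-list of hosts. TRUSTED_HOSTS and the hostnames in it are placeholders you would replace with your own deployment's names; the function can be called from any middleware that handles the redirect.

```python
from urllib.parse import unquote, urlparse

# Assumption: hostnames this deployment may redirect to (placeholder value).
TRUSTED_HOSTS = {"app.example.com"}


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable so %2F, %5C, %40 cannot hide a host."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_safe_redirect(target: str, trusted_hosts=TRUSTED_HOSTS) -> bool:
    """Allow only a same-site path or an http(s) URL to a trusted host."""
    if not target:
        return False
    candidate = fully_decode(target)
    # Browsers treat backslashes as slashes and strip tabs/newlines, so
    # normalize the former and reject the latter before parsing.
    candidate = candidate.replace("\\", "/")
    if any(ord(ch) < 0x21 for ch in candidate):
        return False
    parsed = urlparse(candidate)
    if parsed.scheme or parsed.netloc:
        # Absolute or scheme-relative ("//host") URL: require http(s),
        # no userinfo ("trusted@evil"), and an exact trusted hostname.
        if parsed.scheme not in ("http", "https"):
            return False
        if parsed.username is not None or parsed.password is not None:
            return False
        return parsed.hostname is not None and parsed.hostname.lower() in trusted_hosts
    # Relative target: exactly one leading "/"; "//..." is scheme-relative.
    return candidate.startswith("/") and not candidate.startswith("//")


if __name__ == "__main__":
    # Constructed samples; the encoded ones resolve to an external host in a browser.
    samples = ["/dashboard", "https://app.example.com/x", "/%2F%2Fevil.example",
               "/%5Cevil.example", "https://app.example.com@evil.example/",
               "javascript:alert(1)", "//evil.example"]
    for t in samples:
        print(f"{t!r:45} -> {'allow' if is_safe_redirect(t) else 'deny'}")
```

Validate the decoded form but redirect with the original string; over-decoding only makes the check stricter, never more permissive.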

🧯 If You Can't Patch

  • Implement WAF rules to block requests with suspicious redirect parameters
  • Monitor logs for unusual redirect patterns and implement alerting

🔍 How to Verify

Check if Vulnerable:

Test by sending a request with a URL-encoded redirect parameter and checking whether the response redirects to an external site

Check Version:

pip show gradio | grep Version

Verify Fix Applied:

Repeat the same test after patching; it should no longer redirect to external sites

📡 Detection & Monitoring

Log Indicators:

  • 302 redirect responses to external domains
  • Requests with encoded URL parameters

Network Indicators:

  • Unexpected redirects to unfamiliar domains
  • HTTP 302 responses with external Location headers

SIEM Query:

http.status_code=302 AND NOT url.domain IN (trusted_domains)
