AVID-2026-R1422

Description

SSRF Vulnerability in gradio-app/gradio (CVE-2024-2206)

Details

An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the /proxy route. Attackers can exploit this vulnerability by manipulating the self.replica_urls set through the X-Direct-Url header in requests to the / and /config routes, allowing the addition of arbitrary URLs for proxying. This flaw enables unauthorized proxying of requests and potential access to internal endpoints within the Hugging Face space. The issue arises from the application’s inadequate checking of safe URLs in the build_proxy_request function.
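The two trust boundaries named above (who may extend the replica set, and what the proxy route accepts as a target) shown side by side as an added illustration. This is not Gradio's own code; the function names, the constructed replica URL and the header handling are assumptions modelled on the description, and the internal-address check covers literal IPs and "localhost" only, not names that resolve to internal addresses.

```python
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample value: in a hardened design the trusted replica set is
# populated only from server-side configuration, never from request headers.
REPLICA_URLS = {"https://example-space.hf.space"}
ALLOWED_SCHEMES = {"http", "https"}


def update_replica_urls_unsafe(replica_urls: set, headers: dict) -> set:
    """The pattern the advisory describes: a client-controlled X-Direct-Url
    header is allowed to extend the set of URLs the proxy will forward to."""
    direct = headers.get("X-Direct-Url")
    if direct:
        replica_urls.add(direct)
    return replica_urls


def _is_internal_host(host: str) -> bool:
    """True for loopback, private, link-local or reserved literal IPs and
    for the name 'localhost'. Hostnames are not resolved here."""
    if host == "localhost":
        return True
    try:
        ip = ip_address(host)
    except ValueError:
        return False  # not a literal IP; a resolver-based check would go here
    return ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_reserved


def _origin(url: str):
    """(scheme, host, port) with the default port filled in for comparison."""
    p = urlsplit(url)
    port = p.port or (443 if p.scheme == "https" else 80)
    return p.scheme, p.hostname, port


def is_safe_proxy_target(url: str, replica_urls: set) -> bool:
    """Hardened check for a proxy route: the target must use an allowed
    scheme, must not point at an internal address, and must share its
    origin with a configured replica. Applied even to a tainted set, it
    still refuses internal targets, which is the defence-in-depth point."""
    scheme, host, port = _origin(url)
    if scheme not in ALLOWED_SCHEMES or not host or _is_internal_host(host):
        return False
    return any((scheme, host, port) == _origin(r) for r in replica_urls)
```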

Reason for inclusion in AVID: The CVE describes an SSRF vulnerability in gradio-app/gradio, a widely used AI demo framework. This directly concerns software used to build and deploy AI/model-serving demos, impacting AI pipelines and general-purpose AI systems. It affects the software supply chain through the Gradio dependency, enabling exposure or manipulation via proxying. The vulnerability is clearly security-related with concrete impact (SSRF), and the report provides explicit details and references.

References

Affected or Relevant Artifacts

  • Developer: gradio-app
  • Deployer: gradio-app
  • Artifact Details:
    Type     Name
    System   gradio-app/gradio

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

Version                 3.0
Vector String           CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score              7.3
Base Severity           🔴 High
Attack Vector           NETWORK
Attack Complexity       🟢 Low
Privileges Required     NONE
User Interaction        NONE
Scope                   UNCHANGED
Confidentiality Impact  🟢 Low
Integrity Impact        🟢 Low
Availability Impact     🟢 Low

CWE

ID       Description
CWE-918  Server-Side Request Forgery (SSRF)

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2024-03-27
  • Version: 0.3.3
  • AVID Entry