We use cookies to improve your experience on our site.
AVID-2026-R1541
Description
SSRF in the path parameter of /queue/join in Gradio (CVE-2024-47167)
Details
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to Server-Side Request Forgery (SSRF) in the /queue/join endpoint. Gradio’s async_save_url_to_cache function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This could enable attackers to target internal servers or services within a local network and possibly exfiltrate data or cause unwanted internal requests. Additionally, the content from these URLs is stored locally, making it easier for attackers to upload potentially malicious files to the server. This impacts users deploying Gradio servers that use components like the Video component which involve URL fetching. Users are advised to upgrade to gradio>=5 to address this issue. As a workaround, users can disable or heavily restrict URL-based inputs in their Gradio applications to trusted domains only. Additionally, implementing stricter URL validation (such as allowinglist-based validation) and ensuring that local or internal network addresses cannot be requested via the /queue/join endpoint can help mitigate the risk of SSRF attacks.
Reason for inclusion in AVID: CVE-2024-47167 is a software vulnerability (SSRF) in Gradio, a Python package widely used to build and serve AI demos/apps. The flaw occurs in the Gradio server component via the /queue/join endpoint and can cause requests to user-controlled URLs, potentially reaching internal networks and enabling data exfiltration or other misuse. Gradio is a common AI tooling/framework component in ML pipelines and model-serving UIs, so this is a software supply-chain vulnerability in components used to build/deploy general-purpose AI systems. The CVE is documented with references and a recommended fix (gradio>=5) and mitigations. Therefore, it should be kept for AVID curation as an AI software supply-chain vulnerability.
References
Affected or Relevant Artifacts
- Developer: gradio-app
- Deployer: gradio-app
- Artifact Details:
| Type | Name |
|---|---|
| System | gradio |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CWE
| ID | Description |
|---|---|
| CWE-918 | CWE-918: Server-Side Request Forgery (SSRF) |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2024-10-10
- Version: 0.3.3
- AVID Entry