Description
Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the file_fetch() function in the /gradio_api/file= endpoint. Attackers can craft a malicious FileData response targeting internal endpoints such as cloud metadata services to retrieve sensitive credentials including EC2 IAM role credentials.
Problem types
URL Redirection to Untrusted Site ('Open Redirect')
Server-Side Request Forgery (SSRF)
Product status
Any version before 6.20.0
Credits
George Chen
References
github.com/gradio-app/gradio/issues/13593 (Researcher Disclosure)
github.com/gradio-app/gradio/releases/tag/gradio@6.20.0 (Release Notes)
github.com/gradio-app/gradio/pull/13596 (Fix PR)
github.com/...ommit/1c5c53842df9c2750552d85c19a92e7e732cff3f (Fix Commit)
www.vulncheck.com/...t-and-ssrf-via-gradio-api-file-endpoint