GHSA-qh6x-j82h-vpf9

GitHub Security Advisory

gradio Server-Side Request Forgery vulnerability

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.
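
A detection sketch for the behaviour described above, added here as an example and not taken from the advisory or the gradio project: it scans web access logs for clients whose 'file' values point at several distinct internal host:port pairs. The log format, the request shape (`/?file=...`), the status codes and the `min_targets` threshold are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Constructed access-log lines; request path and status codes are assumptions.
SAMPLE_LOG = """\
203.0.113.7 - - [16/Apr/2024:10:00:01 +0000] "GET /?file=http://10.0.0.5:22/ HTTP/1.1" 403 31
203.0.113.7 - - [16/Apr/2024:10:00:02 +0000] "GET /?file=http://10.0.0.5:80/ HTTP/1.1" 302 0
203.0.113.7 - - [16/Apr/2024:10:00:03 +0000] "GET /?file=http%3A%2F%2F127.0.0.1%3A6379%2F HTTP/1.1" 403 31
198.51.100.9 - - [16/Apr/2024:10:01:00 +0000] "GET /?file=/tmp/gradio/out.png HTTP/1.1" 200 5120
198.51.100.9 - - [16/Apr/2024:10:01:05 +0000] "GET /?file=https://example.com/cat.png HTTP/1.1" 302 0
"""

LINE_RE = re.compile(r'^(\S+) .*?"GET (\S+) HTTP/[\d.]+"')  # client, request target
FILE_RE = re.compile(r'[?&/]file=([^&\s]+)')                # value of the 'file' parameter


def internal_target(value):
    """Return 'host:port' if value is a URL aimed at a non-public IP literal, else None."""
    url = urlsplit(unquote(value))
    if url.scheme not in ("http", "https") or not url.hostname:
        return None
    try:
        ip = ipaddress.ip_address(url.hostname)
        port = url.port or (443 if url.scheme == "https" else 80)
    except ValueError:
        return None  # hostname (not resolved here) or malformed port
    return None if ip.is_global else f"{ip}:{port}"


def find_port_probes(log_text, min_targets=2):
    """Map client -> sorted internal host:port targets seen in 'file' values."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        f = FILE_RE.search(m.group(2)) if m else None
        target = internal_target(f.group(1)) if f else None
        if target:
            seen[m.group(1)].add(target)
    return {c: sorted(t) for c, t in seen.items() if len(t) >= min_targets}


if __name__ == "__main__":
    for client, targets in find_port_probes(SAMPLE_LOG).items():
        print(client, "probed", targets)
```

Hostnames that resolve to internal addresses are not caught by this sketch, since it only inspects IP literals; upgrading to the fixed release listed below remains the actual remediation.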

Affected Packages

PyPI gradio
Affected versions: 0 (fixed in 4.10.0)

Related CVEs

Key Information

GHSA ID
GHSA-qh6x-j82h-vpf9
Published
April 16, 2024 12:30 AM
Last Modified
April 16, 2024 6:05 PM
CVSS Score
5.0 /10
Primary Ecosystem
PyPI
Primary Package
gradio
GitHub Reviewed
✓ Yes

Dataset

Last updated: September 15, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.