漏洞描述
Gradio是一个开源的Python库,通过友好的Web界面演示机器学习模型。Gradio的/file接口存在服务器端请求伪造(SSRF)漏洞,攻击者可以利用该漏洞扫描和识别内部网络中的开放端口,从而可能导致敏感信息泄露。
gradio /file 服务器端请求伪造漏洞(CVE-2024-1183)
PoC代码
暂无相关漏洞推荐
- 无POCgradio /queue/join 服务器端请求伪造漏洞(CVE-2024-4325)
- POCCVE-2021-43831: Gradio < 2.5.0 - Arbitrary File Read
- POCCVE-2023-51449: Gradio Hugging Face - Local File Inclusion
- POCCVE-2024-1183: Gradio - Server Side Request Forgery
- POCCVE-2024-1561: Gradio 4.3-4.12 - Local File Read
- POCCVE-2024-1728: Gradio > 4.19.1 UploadButton - Path Traversal
- POCCVE-2024-4325: Gradio - Server-Side Request Forgery
- POCCVE-2024-4940: Gradio - Open Redirect
- POCCVE-2024-8021: Gradio - Open Redirect
- POCCVE-2021-43831: Gradio < 2.5.0 - Arbitrary File Read
- POCCVE-2023-51449: Gradio Hugging Face - Local File Inclusion
- POCCVE-2024-1183: Gradio - Server Side Request Forgery
- POCCVE-2024-1561: Gradio 4.3-4.12 - Local File Read