Description
An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.
INFO
Published Date :
2024-04-16T00:00:14.458Z
Last Modified :
2024-08-01T18:33:24.939Z
Source :
@huntr_ai
AFFECTED PRODUCTS
The following products are affected by CVE-2024-1183 vulnerability.
| Vendors | Products |
|---|---|
| Gradio Project |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2024-1183.
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact