Description

An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.

INFO

Published Date :

2024-04-16T00:00:14.458Z

Last Modified :

2024-08-01T18:33:24.939Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-1183 vulnerability.

Vendors Products
Gradio Project
  • Gradio
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-1183.

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact