CVE-2024-1183
Last modified
CVE-2024-1183 is a vulnerability of currently unknown severity. An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response. EPSS estimates a 1.78% chance of exploitation in the next 30 days.
Description
An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gradio Project | Gradio | >= 3.41.0, < 4.11.0 |
References
- https://huntr.com/bounties/103434f9-87d2-42ea-9907-194a3c25007c (Exploit, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-1183?
How severe is CVE-2024-1183?
How do I fix CVE-2024-1183?
Are you affected by CVE-2024-1183?
Source: NVD / NIST
