CVE-2024-0964 Overview
A critical Local File Inclusion (LFI) vulnerability exists in Gradio, a popular Python library for building machine learning web applications and demos. This vulnerability allows remote attackers to trigger local file inclusion by exploiting improper validation of user-supplied JSON values in API requests. The flaw enables unauthorized access to sensitive files on the server hosting Gradio applications, potentially exposing configuration files, source code, credentials, and other confidential data.
Critical Impact
Remote attackers can exploit this vulnerability without authentication to read arbitrary files from servers hosting Gradio applications, leading to potential data theft, credential exposure, and further system compromise.
Affected Products
- Gradio (Python package)
- Gradio-based machine learning web applications
- Hugging Face Spaces utilizing Gradio interfaces
Discovery Timeline
- 2024-02-05 - CVE-2024-0964 published to NVD
- 2024-11-21 - Last updated in NVD database
Technical Details for CVE-2024-0964
Vulnerability Analysis
This vulnerability is classified as CWE-22 (Path Traversal), manifesting as a Local File Inclusion (LFI) issue in Gradio's API request handling. The vulnerability exists due to insufficient validation and sanitization of user-controlled JSON input parameters passed to API endpoints. When Gradio processes API requests, it fails to properly validate file path references embedded in JSON payloads, allowing attackers to traverse the file system and include arbitrary local files.
The attack is network-accessible and requires no authentication or user interaction, making it particularly dangerous for publicly exposed Gradio applications. Successful exploitation grants attackers read access to sensitive files and potentially limited write capabilities, severely impacting confidentiality and integrity of affected systems.
Root Cause
The root cause lies in improper input validation of user-supplied JSON values within Gradio's API handling logic. The application fails to sanitize path traversal sequences (such as ../) and does not restrict file access to intended directories. This allows malicious input to escape the intended application context and access arbitrary files on the underlying file system.
Attack Vector
Attackers can exploit this vulnerability by sending specially crafted API requests containing malicious JSON payloads to a Gradio application. The attack vector is network-based and requires no privileges or user interaction. The attacker crafts a JSON payload with path traversal sequences targeting sensitive files such as /etc/passwd, configuration files, or application secrets.
The security patch introduces improvements to the event handling and protocol mechanisms:
const session_hash = Math.random().toString(36).substring(2);
const last_status: Record<string, Status["stage"]> = {};
+ let stream_open = false;
+ let event_stream: EventSource | null = null;
+ const event_callbacks: Record<string, () => Promise<void>> = {};
let config: Config;
let api_map: Record<string, number> = {};
Source: GitHub Commit d76bcaa
The patch also updates the protocol type definitions to enforce stricter protocol handling:
show_api: boolean;
stylesheets: string[];
path: string;
- protocol?: "sse" | "ws";
+ protocol?: "sse_v1" | "sse" | "ws";
}
export interface Payload {
Source: GitHub Commit d76bcaa
Detection Methods for CVE-2024-0964
Indicators of Compromise
- API requests containing path traversal sequences such as ../, ..%2f, or %2e%2e/ in JSON payloads
- Unusual access patterns to Gradio API endpoints with file path-like parameters
- Server logs showing attempts to access sensitive system files like /etc/passwd or application configuration files
- Unexpected file read operations from Gradio application processes outside normal application directories
Detection Strategies
- Implement Web Application Firewall (WAF) rules to detect and block path traversal patterns in API requests
- Monitor application logs for JSON payloads containing suspicious file path references
- Deploy intrusion detection systems (IDS) with signatures for Local File Inclusion attacks
- Use runtime application self-protection (RASP) solutions to detect unauthorized file access attempts
Monitoring Recommendations
- Enable detailed logging for all Gradio API endpoints and review for anomalous request patterns
- Monitor file system access by Gradio processes for unexpected file read operations
- Configure alerting for requests containing encoded path traversal sequences
- Implement rate limiting on API endpoints to slow potential exploitation attempts
How to Mitigate CVE-2024-0964
Immediate Actions Required
- Update Gradio to the latest patched version immediately
- Review application logs for evidence of prior exploitation attempts
- Restrict network access to Gradio applications where possible using firewalls or network segmentation
- Implement input validation at the application layer to reject requests containing path traversal sequences
Patch Information
The Gradio development team has released a security fix addressing this vulnerability. The patch is available via GitHub Commit d76bcaa. Organizations should update their Gradio installations to the patched version as soon as possible. For complete vulnerability disclosure details, refer to the Huntr Vulnerability Disclosure.
Workarounds
- Deploy a reverse proxy or WAF in front of Gradio applications to filter malicious requests
- Restrict Gradio application network exposure to trusted networks only
- Implement application-level input sanitization to reject path traversal patterns
- Run Gradio applications in containerized or sandboxed environments with restricted file system access
# Example: Update Gradio to latest patched version
pip install --upgrade gradio
# Example: Add nginx WAF rules to block path traversal
location /api {
if ($request_uri ~* "\.\.") {
return 403;
}
proxy_pass http://gradio_backend;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
