Back to KEVs

CVE-2024-1561

Arbitrary Local File Read via Component Method Invocation in gradio-app/gradio

Basic Information

CVE State
PUBLISHED
Reserved Date
February 15, 2024
Published Date
April 16, 2024
Last Updated
February 13, 2025
Vendor
gradio-app
Product
gradio-app/gradio
Description
An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifically, by exploiting the `move_resource_to_block_cache()` method of the `Block` class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access, posing a significant risk especially when the application is exposed to the internet via `launch(share=True)`, thereby allowing remote attackers to read files on the host machine. Furthermore, gradio apps hosted on `huggingface.co` are also affected, potentially leading to the exposure of sensitive information such as API keys and credentials stored in environment variables.
Tags
nuclei_scanner

CVSS Scores

CVSS v3.0

7.5 - HIGH

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC Information

Exploitation
poc
Automatable
Yes
Technical Impact
partial

Exploit Status

Proof of Concept Available
Yes (added 2024-05-11 13:44:46 UTC) Source

References

https://huntr.com/bounties/4acf584e-2fe8-490e-878d-2d9bf2698338 https://github.com/gradio-app/gradio/commit/24a583688046867ca8b8b02959c441818bdb34a2 https://www.gradio.app/changelog#4-13-0

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-10-05 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-1561.yaml 2025-04-25 00:00:00 UTC
Nessus https://www.tenable.com/plugins/nessus/213709 2025-01-10 17:55:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

DiabloHTB/CVE-2024-1561

Type: github • Created: 2024-05-11 13:44:46 UTC • Stars: 4

Poc for CVE-2024-1561 affecting Gradio 4.12.0

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Detected by Nessus

  • Detected by Nuclei

  • Added to KEVIntel