CVE-2024-47167: 
Gradio vulnerability analysis and mitigation

Gradio, an open-source Python package designed for quick prototyping, contains a Server-Side Request Forgery (SSRF) vulnerability (CVE-2024-47167) in the /queue/join endpoint. The vulnerability was discovered and disclosed on October 10, 2024, affecting all versions of Gradio prior to version 5.0. The issue specifically involves the async_save_url_to_cache function, which can be exploited to force the Gradio server to send HTTP requests to user-controlled URLs (GitHub Advisory).

The vulnerability is classified as CWE-918 (Server-Side Request Forgery) with a CVSS v3.1 base score of 9.8 (CRITICAL) and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The CVSS v4.0 score is 6.9 (MEDIUM) with vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N. The vulnerability exists in the async_save_url_to_cache function, which fails to properly validate user-controlled URLs in the /queue/join endpoint (NVD).

The vulnerability allows attackers to force the Gradio server to send HTTP requests to arbitrary URLs under attacker control. This can lead to potential data exfiltration from internal servers or services within a local network. Additionally, since the content from these URLs is stored locally, attackers could potentially upload malicious files to the server. The vulnerability particularly affects deployments using components like the Video component that involve URL fetching (GitHub Advisory).

The primary mitigation is to upgrade to Gradio version 5.0 or later. For users unable to upgrade immediately, several workarounds are available: disable or restrict URL-based inputs to trusted domains only, implement stricter URL validation using allowlist-based validation, and ensure that local or internal network addresses cannot be requested via the /queue/join endpoint (GitHub Advisory).