CVE-2024-2206

Name of the Vulnerable Software and Affected Versions gradio-app/gradio (affected versions not specified)

Description A vulnerability exists due to insufficient validation of user-supplied URLs in the "/proxy" route. Attackers can exploit this by manipulating the self.replica urls set through the X-Direct-Url header in requests to the "/" and "/config" routes, allowing the addition of arbitrary URLs for proxying. This enables unauthorized proxying of requests and potential access to internal endpoints within the Hugging Face space. The issue arises from the application's inadequate checking of safe URLs in the build proxy request function.

Recommendations As a temporary workaround, consider disabling the build proxy request function until a patch is available. Restrict access to the "/proxy" route to minimize the risk of exploitation. Avoid using the X-Direct-Url header in requests to the "/" and "/config" routes until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.