Viral Factory is a highly modular gradio app that automates the production of various forms of social media content. Thanks to it's complex engines system it allows you to customize its process in detail.
GNU Affero General Public License v3.0
39
stars
6
forks
source link
⬆️ Upgrade dependency gradio to v5 [SECURITY] - autoclosed #124
What kind of vulnerability is it? Who is impacted?
This vulnerability relates to CORS origin validation accepting a null origin. When a Gradio server is deployed locally, the localhost_aliases variable includes "null" as a valid origin. This allows attackers to make unauthorized requests from sandboxed iframes or other sources with a null origin, potentially leading to data theft, such as user authentication tokens or uploaded files. This impacts users running Gradio locally, especially those using basic authentication.
Patches
Yes, please upgrade to gradio>=5.0 to address this issue.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
As a workaround, users can manually modify the localhost_aliases list in their local Gradio deployment to exclude "null" as a valid origin. By removing this value, the Gradio server will no longer accept requests from sandboxed iframes or sources with a null origin, mitigating the potential for exploitation.
What kind of vulnerability is it? Who is impacted?
This vulnerability involves a one-level read path traversal in the /custom_component endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the request. Although the traversal is limited to a single directory level, it could expose proprietary or sensitive code that developers intended to keep private. This impacts users who have developed custom Gradio components and are hosting them on publicly accessible servers.
Patches
Yes, please upgrade to gradio>=4.44 to address this issue.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
As a workaround, developers can sanitize the file paths and ensure that components are not stored in publicly accessible directories.
What kind of vulnerability is it? Who is impacted?
This vulnerability relates to Server-Side Request Forgery (SSRF) in the /queue/join endpoint. Gradio’s async_save_url_to_cache function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This could enable attackers to target internal servers or services within a local network and possibly exfiltrate data or cause unwanted internal requests. Additionally, the content from these URLs is stored locally, making it easier for attackers to upload potentially malicious files to the server. This impacts users deploying Gradio servers that use components like the Video component which involve URL fetching.
Patches
Yes, please upgrade to gradio>=5 to address this issue.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
As a workaround, users can disable or heavily restrict URL-based inputs in their Gradio applications to trusted domains only. Additionally, implementing stricter URL validation (such as allowinglist-based validation) and ensuring that local or internal network addresses cannot be requested via the /queue/join endpoint can help mitigate the risk of SSRF attacks.
What kind of vulnerability is it? Who is impacted?
This vulnerability involves data exposure due to the enable_monitoring flag not properly disabling monitoring when set to False. Even when monitoring is supposedly disabled, an attacker or unauthorized user can still access the monitoring dashboard by directly requesting the /monitoring endpoint. This means that sensitive application analytics may still be exposed, particularly in environments where monitoring is expected to be disabled. Users who set enable_monitoring=False to prevent unauthorized access to monitoring data are impacted.
Patches
Yes, please upgrade to gradio>=4.44 to address this issue.
This vulnerability is a lack of integrity check on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is downloaded, they could modify the binary without detection, as the Gradio server does not verify the file's checksum or signature.
Who is impacted?
Any users utilizing the Gradio server's sharing mechanism that downloads the FRP client could be affected by this vulnerability, especially those relying on the executable binary for secure data tunneling.
Patches
Yes, please upgrade to gradio>=5.0, which includes a fix to verify the integrity of the downloaded binary.
Workarounds
There is no direct workaround for this issue without upgrading. However, users can manually validate the integrity of the downloaded FRP client by implementing checksum or signature verification in their own environment to ensure the binary hasn't been tampered with.
What kind of vulnerability is it? Who is impacted?
This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected input constraints. This issue could lead to sensitive files being exposed to unauthorized users, especially when combined with other vulnerabilities, such as issue TOB-GRADIO-15. The components most at risk are those that return or handle file data.
Vulnerable Components:
String to FileData: DownloadButton, Audio, ImageEditor, Video, Model3D, File, UploadButton.
Complex data to FileData: Chatbot, MultimodalTextbox.
Direct file read in preprocess: Code.
Dictionary converted to FileData: ParamViewer, Dataset.
Exploit Scenarios:
A developer creates a Dropdown list that passes values to a DownloadButton. An attacker bypasses the allowed inputs, sends an arbitrary file path (like /etc/passwd), and downloads sensitive files.
An attacker crafts a malicious payload in a ParamViewer component, leaking sensitive files from a server through the arbitrary file leak.
Patches
Yes, the issue has been resolved in gradio>5.0. Upgrading to the latest version will mitigate this vulnerability.
What kind of vulnerability is it? Who is impacted?
This vulnerability involves a timing attack in the way Gradio compares hashes for the analytics_dashboard function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response time of different requests to infer the correct hash byte-by-byte. This can lead to unauthorized access to the analytics dashboard, especially if the attacker can repeatedly query the system with different keys.
Patches
Yes, please upgrade to gradio>4.44 to mitigate this issue.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
To mitigate the risk before applying the patch, developers can manually patch the analytics_dashboard dashboard to use a constant-time comparison function for comparing sensitive values, such as hashes. Alternatively, access to the analytics dashboard can be disabled.
What kind of vulnerability is it? Who is impacted?
This vulnerability involves a race condition in the update_root_in_config function, allowing an attacker to modify the root URL used by the Gradio frontend to communicate with the backend. By exploiting this flaw, an attacker can redirect user traffic to a malicious server. This could lead to the interception of sensitive data such as authentication credentials or uploaded files. This impacts all users who connect to a Gradio server, especially those exposed to the internet, where malicious actors could exploit this race condition.
Patches
Yes, please upgrade to gradio>=5 to address this issue.
What kind of vulnerability is it? Who is impacted?
This vulnerability involves insecure communication between the FRP (Fast Reverse Proxy) client and server when Gradio's share=True option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and read files uploaded to the Gradio server, as well as modify responses or data sent between the client and server. This impacts users who are sharing Gradio demos publicly over the internet using share=True without proper encryption, exposing sensitive data to potential eavesdroppers.
Patches
Yes, please upgrade to gradio>=5 to address this issue.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
As a workaround, users can avoid using share=True in production environments and instead host their Gradio applications on servers with HTTPS enabled to ensure secure communication.
What kind of vulnerability is it? Who is impacted?
This vulnerability involves Cross-Site Scripting (XSS) on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users download or view these files, the scripts will execute in their browser, allowing attackers to perform unauthorized actions or steal sensitive information from their sessions. This impacts any Gradio server that allows file uploads, particularly those using components that process or display user-uploaded files.
Patches
Yes, please upgrade to gradio>=5 to address this issue.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
As a workaround, users can restrict the types of files that can be uploaded to the Gradio server by limiting uploads to non-executable file types such as images or text. Additionally, developers can implement server-side validation to sanitize uploaded files, ensuring that HTML, JavaScript, and SVG files are properly handled or rejected before being stored or displayed to users.
What kind of vulnerability is it? Who is impacted?
This vulnerability is a data validation issue in the Gradio Dropdown component's pre-processing step. Even if the allow_custom_value parameter is set to False, attackers can bypass this restriction by sending custom requests with arbitrary values, effectively breaking the developer’s intended input constraints. While this alone is not a severe vulnerability, it can lead to more critical security issues, particularly when paired with other vulnerabilities like file downloads from the user's machine.
Patches
Yes, this issue is addressed in gradio>=5.0. Please upgrade to the latest version to resolve the problem.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
To mitigate the issue without upgrading, developers can add manual validation in their prediction function to check the received values against the allowed dropdown values before processing them.
Release Notes
gradio-app/gradio (gradio)
### [`v5.0.0`](https://redirect.github.com/gradio-app/gradio/blob/HEAD/CHANGELOG.md#500-beta10)
[Compare Source](https://redirect.github.com/gradio-app/gradio/compare/gradio@4.44.1...gradio@5.0.0)
##### Fixes
- [#9600](https://redirect.github.com/gradio-app/gradio/pull/9600) [`9f71086`](https://redirect.github.com/gradio-app/gradio/commit/9f71086036339bfdd14f3aab29729041a01fc2d4) - Ensure undo/try shows for final bot message in gr.Chatbot. Thanks [@hannahblair](https://redirect.github.com/hannahblair)!
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
==4.44.1->==5.0.0GitHub Vulnerability Alerts
CVE-2024-47165
Impact
What kind of vulnerability is it? Who is impacted?
This vulnerability relates to CORS origin validation accepting a null origin. When a Gradio server is deployed locally, the
localhost_aliasesvariable includes "null" as a valid origin. This allows attackers to make unauthorized requests from sandboxed iframes or other sources with a null origin, potentially leading to data theft, such as user authentication tokens or uploaded files. This impacts users running Gradio locally, especially those using basic authentication.Patches
Yes, please upgrade to
gradio>=5.0to address this issue.Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
As a workaround, users can manually modify the
localhost_aliaseslist in their local Gradio deployment to exclude "null" as a valid origin. By removing this value, the Gradio server will no longer accept requests from sandboxed iframes or sources with a null origin, mitigating the potential for exploitation.CVE-2024-47166
Impact
What kind of vulnerability is it? Who is impacted?
This vulnerability involves a one-level read path traversal in the
/custom_componentendpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the request. Although the traversal is limited to a single directory level, it could expose proprietary or sensitive code that developers intended to keep private. This impacts users who have developed custom Gradio components and are hosting them on publicly accessible servers.Patches
Yes, please upgrade to
gradio>=4.44to address this issue.Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
As a workaround, developers can sanitize the file paths and ensure that components are not stored in publicly accessible directories.
CVE-2024-47167
Impact
What kind of vulnerability is it? Who is impacted?
This vulnerability relates to Server-Side Request Forgery (SSRF) in the
/queue/joinendpoint. Gradio’sasync_save_url_to_cachefunction allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This could enable attackers to target internal servers or services within a local network and possibly exfiltrate data or cause unwanted internal requests. Additionally, the content from these URLs is stored locally, making it easier for attackers to upload potentially malicious files to the server. This impacts users deploying Gradio servers that use components like the Video component which involve URL fetching.Patches
Yes, please upgrade to
gradio>=5to address this issue.Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
As a workaround, users can disable or heavily restrict URL-based inputs in their Gradio applications to trusted domains only. Additionally, implementing stricter URL validation (such as allowinglist-based validation) and ensuring that local or internal network addresses cannot be requested via the
/queue/joinendpoint can help mitigate the risk of SSRF attacks.CVE-2024-47168
Impact
What kind of vulnerability is it? Who is impacted?
This vulnerability involves data exposure due to the enable_monitoring flag not properly disabling monitoring when set to False. Even when monitoring is supposedly disabled, an attacker or unauthorized user can still access the monitoring dashboard by directly requesting the /monitoring endpoint. This means that sensitive application analytics may still be exposed, particularly in environments where monitoring is expected to be disabled. Users who set enable_monitoring=False to prevent unauthorized access to monitoring data are impacted.
Patches
Yes, please upgrade to gradio>=4.44 to address this issue.
CVE-2024-47867
Impact
This vulnerability is a lack of integrity check on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is downloaded, they could modify the binary without detection, as the Gradio server does not verify the file's checksum or signature.
Who is impacted?
Any users utilizing the Gradio server's sharing mechanism that downloads the FRP client could be affected by this vulnerability, especially those relying on the executable binary for secure data tunneling.
Patches
Yes, please upgrade to
gradio>=5.0, which includes a fix to verify the integrity of the downloaded binary.Workarounds
There is no direct workaround for this issue without upgrading. However, users can manually validate the integrity of the downloaded FRP client by implementing checksum or signature verification in their own environment to ensure the binary hasn't been tampered with.
CVE-2024-47868
Impact
What kind of vulnerability is it? Who is impacted?
This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected input constraints. This issue could lead to sensitive files being exposed to unauthorized users, especially when combined with other vulnerabilities, such as issue TOB-GRADIO-15. The components most at risk are those that return or handle file data.
Vulnerable Components:
Exploit Scenarios:
/etc/passwd), and downloads sensitive files.Patches
Yes, the issue has been resolved in
gradio>5.0. Upgrading to the latest version will mitigate this vulnerability.CVE-2024-47869
Impact
What kind of vulnerability is it? Who is impacted?
This vulnerability involves a timing attack in the way Gradio compares hashes for the
analytics_dashboardfunction. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response time of different requests to infer the correct hash byte-by-byte. This can lead to unauthorized access to the analytics dashboard, especially if the attacker can repeatedly query the system with different keys.Patches
Yes, please upgrade to
gradio>4.44to mitigate this issue.Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
To mitigate the risk before applying the patch, developers can manually patch the
analytics_dashboarddashboard to use a constant-time comparison function for comparing sensitive values, such as hashes. Alternatively, access to the analytics dashboard can be disabled.CVE-2024-47870
Impact
What kind of vulnerability is it? Who is impacted?
This vulnerability involves a race condition in the
update_root_in_configfunction, allowing an attacker to modify therootURL used by the Gradio frontend to communicate with the backend. By exploiting this flaw, an attacker can redirect user traffic to a malicious server. This could lead to the interception of sensitive data such as authentication credentials or uploaded files. This impacts all users who connect to a Gradio server, especially those exposed to the internet, where malicious actors could exploit this race condition.Patches
Yes, please upgrade to
gradio>=5to address this issue.CVE-2024-47871
Impact
What kind of vulnerability is it? Who is impacted?
This vulnerability involves insecure communication between the FRP (Fast Reverse Proxy) client and server when Gradio's
share=Trueoption is used. HTTPS is not enforced on the connection, allowing attackers to intercept and read files uploaded to the Gradio server, as well as modify responses or data sent between the client and server. This impacts users who are sharing Gradio demos publicly over the internet usingshare=Truewithout proper encryption, exposing sensitive data to potential eavesdroppers.Patches
Yes, please upgrade to
gradio>=5to address this issue.Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
As a workaround, users can avoid using
share=Truein production environments and instead host their Gradio applications on servers with HTTPS enabled to ensure secure communication.CVE-2024-47872
Impact
What kind of vulnerability is it? Who is impacted?
This vulnerability involves Cross-Site Scripting (XSS) on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users download or view these files, the scripts will execute in their browser, allowing attackers to perform unauthorized actions or steal sensitive information from their sessions. This impacts any Gradio server that allows file uploads, particularly those using components that process or display user-uploaded files.
Patches
Yes, please upgrade to
gradio>=5to address this issue.Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
As a workaround, users can restrict the types of files that can be uploaded to the Gradio server by limiting uploads to non-executable file types such as images or text. Additionally, developers can implement server-side validation to sanitize uploaded files, ensuring that HTML, JavaScript, and SVG files are properly handled or rejected before being stored or displayed to users.
GHSA-26jh-r8g2-6fpr
Impact
What kind of vulnerability is it? Who is impacted?
This vulnerability is a data validation issue in the Gradio
Dropdowncomponent's pre-processing step. Even if theallow_custom_valueparameter is set toFalse, attackers can bypass this restriction by sending custom requests with arbitrary values, effectively breaking the developer’s intended input constraints. While this alone is not a severe vulnerability, it can lead to more critical security issues, particularly when paired with other vulnerabilities like file downloads from the user's machine.Patches
Yes, this issue is addressed in
gradio>=5.0. Please upgrade to the latest version to resolve the problem.Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
To mitigate the issue without upgrading, developers can add manual validation in their prediction function to check the received values against the allowed dropdown values before processing them.
Release Notes
gradio-app/gradio (gradio)
### [`v5.0.0`](https://redirect.github.com/gradio-app/gradio/blob/HEAD/CHANGELOG.md#500-beta10) [Compare Source](https://redirect.github.com/gradio-app/gradio/compare/gradio@4.44.1...gradio@5.0.0) ##### Fixes - [#9600](https://redirect.github.com/gradio-app/gradio/pull/9600) [`9f71086`](https://redirect.github.com/gradio-app/gradio/commit/9f71086036339bfdd14f3aab29729041a01fc2d4) - Ensure undo/try shows for final bot message in gr.Chatbot. Thanks [@hannahblair](https://redirect.github.com/hannahblair)!Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.