An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| gradio(PyPI) | 0 | 4.10.0 | N/A |
CVSS Metrics
