CVE-2024-47164

{"id": "CVE-2024-47164", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 2.3, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "LOW", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-10-10T22:15:10.437", "references": [{"url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-77xq-6g77-h274", "tags": ["Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the **bypass of directory traversal checks** within the `is_in_or_equal` function. This function, intended to check if a file resides within a given directory, can be bypassed with certain payloads that manipulate file paths using `..` (parent directory) sequences. Attackers could potentially access restricted files if they are able to exploit this flaw, although the difficulty is high. This primarily impacts users relying on Gradio\u2019s blocklist or directory access validation, particularly when handling file uploads. Users are advised to upgrade to `gradio>=5.0` to address this issue. As a workaround, users can manually sanitize and normalize file paths in their Gradio deployment before passing them to the `is_in_or_equal` function. Ensuring that all file paths are properly resolved and absolute can help mitigate the bypass vulnerabilities caused by the improper handling of `..` sequences or malformed paths."}, {"lang": "es", "value": "Gradio es un paquete Python de c\u00f3digo abierto dise\u00f1ado para la creaci\u00f3n r\u00e1pida de prototipos. Esta vulnerabilidad se relaciona con la **omisi\u00f3n de comprobaciones de recorrido de directorio** dentro de la funci\u00f3n `is_in_or_equal`. Esta funci\u00f3n, destinada a comprobar si un archivo reside dentro de un directorio determinado, se puede omitir con ciertas cargas \u00fatiles que manipulan las rutas de archivo mediante secuencias `..` (directorio principal). Los atacantes podr\u00edan acceder potencialmente a archivos restringidos si pueden explotar esta falla, aunque la dificultad es alta. Esto afecta principalmente a los usuarios que dependen de la lista de bloqueo de Gradio o la validaci\u00f3n de acceso al directorio, en particular al manejar cargas de archivos. Se recomienda a los usuarios que actualicen a `gradio>=5.0` para solucionar este problema. Como workaround, los usuarios pueden desinfectar y normalizar manualmente las rutas de archivo en su implementaci\u00f3n de Gradio antes de pasarlas a la funci\u00f3n `is_in_or_equal`. Asegurarse de que todas las rutas de archivo se resuelvan correctamente y sean absolutas puede ayudar a mitigar las vulnerabilidades de omisi\u00f3n causadas por el manejo inadecuado de secuencias `..` o rutas malformadas."}], "lastModified": "2024-10-17T16:40:03.613", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*", "vulnerable": true, "matchCriteriaId": "32D191C7-095C-427B-832D-C63FE4D4A037", "versionEndExcluding": "5.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}