Exploit for Gradio 4.3-4.12 - Local File Read (CVE-2024-1561)

Description:

Gradio versions 4.3 through 4.12 allow a local file read by calling arbitrary methods of the Components class.

Nuclei Template

View the template here: CVE-2024-1561.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-1561.yaml

References:

https://github.com/gradio-app/gradio/commit/24a583688046867ca8b8b02959c441818bdb34a2
https://www.horizon3.ai/attack-research/disclosures/exploiting-file-read-vulnerabilities-in-gradio-to-steal-secrets-from-hugging-face-spaces/
https://github.com/DiabloHTB/CVE-2024-1561
https://huntr.com/bounties/4acf584e-2fe8-490e-878d-2d9bf2698338
https://nvd.nist.gov/vuln/detail/CVE-2024-1561
https://www.gradio.app/changelog#4-13-0