Gradio 允许用户访问任意文件

该漏洞的潜在影响非常严重，尤其是在 Gradio 应用通过公共链接（例如 Hugging Face Spaces）部署的情况下。攻击者可以利用此漏洞访问服务器上的敏感文件，包括源代码、配置文件、数据库凭据等。这可能导致数据泄露、系统入侵，甚至完全控制服务器。攻击者可以通过精心构造的网络请求来绕过安全措施，从而访问未经授权的文件。虽然目前尚未观察到该漏洞被实际利用，但考虑到其严重性，及时修复至关重要。

Organizations and individuals deploying Gradio applications with public links, particularly those hosted on platforms like Hugging Face Spaces, are at risk. This includes machine learning engineers, data scientists, and developers who rely on Gradio for building and sharing interactive model demos. Legacy Gradio deployments and those with overly permissive file system permissions are particularly vulnerable.

• python / gradio: Monitor Gradio application logs for unusual file access attempts.

import logging
logging.basicConfig(filename='gradio_app.log', level=logging.INFO)
# ... your Gradio app code ...

• generic web: Inspect access logs for requests targeting unusual file paths within the Gradio application directory. • generic web: Check response headers for unexpected file content types or sizes. • generic web: Use curl to attempt accessing files outside the intended application directory (e.g., /../../etc/passwd).

curl 'http://your-gradio-app.com/../../etc/passwd'

1. 2024-09-25Disclosure

   disclosure

1. 已保留2024-02-21
2. 发布日期2024-09-25
3. 修改日期2026-02-03
4. EPSS 更新日期2026-04-02

最有效的缓解措施是升级到 Gradio 4.19.2 或更高版本，该版本修复了此漏洞。如果无法立即升级，可以考虑以下临时缓解措施：限制 Gradio 应用的网络访问权限，只允许访问必要的文件和资源；实施严格的网络监控，检测异常的网络请求；使用 Web 应用防火墙 (WAF) 过滤恶意请求。升级后，请验证 Gradio 应用是否正常运行，并检查服务器上的文件是否受到未经授权的访问。