CVE-2024-12217
Path Traversal vulnerability in gradio (PyPI)

What is CVE-2024-12217 About?

A path traversal vulnerability exists in gradio-app/gradio (git 67e4044) on Windows OS due to a flawed `blocked_path` implementation. This allows unauthorized reading of blocked files by using NTFS Alternate Data Streams (ADS) syntax. Exploitation requires knowledge of specific Windows filesystem features and is thus moderately complex.

Affected Software

gradio <=5.0.1

Technical Details

The gradio-app/gradio repository, specifically version git 67e4044, contains a path traversal vulnerability impacting Windows operating systems. The `blocked_path` functionality, designed to restrict access to certain files, fails to properly sanitize or interpret file paths when NTFS Alternate Data Streams (ADS) syntax is employed. While standard paths like `C:/tmp/secret.txt` are correctly blocked, an attacker can bypass these restrictions by appending `::$DATA` to the file path (e.g., `C:/tmp/secret.txt::$DATA`). This ADS syntax is treated differently by the underlying Windows filesystem and is not correctly caught by Gradio's blocking logic, allowing unauthorized access and reading of files that should otherwise be protected.
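The mismatch described above, modelled as an added example (this is not Gradio's code and not taken from the advisory): a simplified blocklist check that compares path components literally, beside one that strips NTFS stream specifiers before comparing. The function names and the `BLOCKED` list are assumptions; `PureWindowsPath` is used so the comparison follows Windows path rules on any OS.

```python
from pathlib import PureWindowsPath

# Constructed blocklist, using the path from the advisory text.
BLOCKED = [PureWindowsPath("C:/tmp/secret.txt")]


def _matches(path, blocked):
    # True if the path is a blocked entry or lives under one.
    # PureWindowsPath comparison is case-insensitive, as on NTFS.
    return any(path == b or b in path.parents for b in blocked)


def is_blocked_naive(requested, blocked=BLOCKED):
    """Simplified model of a check that compares components as given.

    "secret.txt::$DATA" is a different string from "secret.txt", so the
    comparison misses it, while Windows opens the same file contents.
    """
    return _matches(PureWindowsPath(requested), blocked)


def canonical(requested):
    """Drop any ":stream[:$TYPE]" suffix from every component after the anchor.

    On NTFS a colon inside a component separates the file name from a
    stream specifier, so only the part before the first colon names the file.
    """
    p = PureWindowsPath(requested)
    names = p.parts[1:] if p.anchor else p.parts
    return PureWindowsPath(p.anchor, *(n.split(":", 1)[0] for n in names))


def is_blocked_hardened(requested, blocked=BLOCKED):
    """Apply the same blocklist to the stream-free form of the path."""
    return _matches(canonical(requested), blocked)


if __name__ == "__main__":
    # Constructed requests: plain path, ADS form from the advisory, unrelated file.
    for req in ("C:/tmp/secret.txt", "C:/tmp/secret.txt::$DATA", "C:/tmp/public.txt"):
        print(f"{req!r:32} naive={is_blocked_naive(req)!s:5} "
              f"hardened={is_blocked_hardened(req)}")
```

A stricter policy is to reject any request whose components contain a colon after the drive letter, since a file-serving endpoint rarely has a reason to accept stream syntax at all.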

What is the Impact of CVE-2024-12217?

Successful exploitation may allow attackers to gain unauthorized access to sensitive files or read confidential data that is meant to be blocked.

What is the Exploitability of CVE-2024-12217?

Exploitation complexity is moderate, as it requires specific knowledge of how Windows OS handles NTFS Alternate Data Streams and crafting requests that incorporate this syntax. Authentication requirements are not explicitly stated, but if the `blocked_path` functionality applies to authenticated users accessing files, then authentication would be a prerequisite. This is a remote attack, assuming the Gradio application is exposed to users. The primary constraint is that the system must be running on Windows OS, and the specific mechanism of bypassing the path block depends on the exact implementation of the `blocked_path` logic and how it interacts with the filesystem APIs.

What are the Known Public Exploits?

No known exploits

What are the Available Fixes for CVE-2024-12217?

Available Upgrade Options

  • No fixes available

Additional Resources

What are Similar Vulnerabilities to CVE-2024-12217?

Similar Vulnerabilities: CVE-2023-50073, CVE-2023-28704, CVE-2021-26084, CVE-2020-25257, CVE-2016-10738