{"id":"CVE-2024-1183","details":"An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.","aliases":["GHSA-qh6x-j82h-vpf9"],"modified":"2026-03-14T12:24:35.533248Z","published":"2024-04-16T00:15:07.990Z","references":[{"type":"FIX","url":"https://github.com/gradio-app/gradio/commit/2ad3d9e7ec6c8eeea59774265b44f11df7394bb4"},{"type":"EVIDENCE","url":"https://huntr.com/bounties/103434f9-87d2-42ea-9907-194a3c25007c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gradio-app/gradio","events":[{"introduced":"ba4c6d9e65138c97062d1757d2a588c4fc449daa"},{"fixed":"160e3895805a45030a5e051f6bec2d399e354ad1"},{"fixed":"2ad3d9e7ec6c8eeea59774265b44f11df7394bb4"}],"database_specific":{"versions":[{"introduced":"3.41.0"},{"fixed":"4.11.0"}]}}],"versions":["@gradio/atoms@0.2.0","@gradio/atoms@0.2.0-beta.6","@gradio/atoms@0.2.1","@gradio/atoms@0.2.2","@gradio/atoms@0.3.0","@gradio/atoms@0.3.1","@gradio/atoms@0.4.0","@gradio/audio@0.4.0","@gradio/audio@0.4.0-beta.9","@gradio/audio@0.4.1","@gradio/audio@0.4.2","@gradio/audio@0.4.3","@gradio/audio@0.5.0","@gradio/audio@0.5.1","@gradio/audio@0.5.2","@gradio/audio@0.5.3","@gradio/audio@0.5.4","@gradio/audio@0.5.5","@gradio/audio@0.6.0","@gradio/audio@0.6.1","@gradio/audio@0.6.2","@gradio/box@0.1.0","@gradio/box@0.1.0-beta.7","@gradio/box@0.1.1","@gradio/box@0.1.2","@gradio/box@0.1.3","@gradio/box@0.1.4","@gradio/box@0.1.5","@gradio/button@0.2.0","@gradio/button@0.2.0-beta.7","@gradio/button@0.2.1","@gradio/button@0.2.10","@gradio/button@0.2.11","@gradio/button@0.2.12","@gradio/button@0.2.2","@gradio/button@0.2.3","@gradio/button@0.2.4","@gradio/button@0.2.5","@gradio/button@0.2.6","@gradio/button@0.2.7","@gradio/button@0.2.8","@gradio/button@0.2.9","@gradio/chatbot@0.4.0","@gradio/chatbot@0.4.0-beta.9","@gradio/chatbot@0.4.1","@gradio/chatbot@0.4.2","@gradio/chatbot@0.4.3","@gradio/chatbot@0.4.4","@gradio/chatbot@0.4.5","@gradio/chatbot@0.4.6","@gradio/chatbot@0.4.7","@gradio/chatbot@0.4.8","@gradio/chatbot@0.5.0","@gradio/chatbot@0.5.1","@gradio/chatbot@0.5.2","@gradio/chatbot@0.5.3","@gradio/chatbot@0.5.4","@gradio/checkbox@0.2.0","@gradio/checkbox@0.2.0-beta.8","@gradio/checkbox@0.2.1","@gradio/checkbox@0.2.2","@gradio/checkbox@0.2.3","@gradio/checkbox@0.2.4","@gradio/checkbox@0.2.5","@gradio/checkboxgroup@0.3.0","@gradio/checkboxgroup@0.3.0-beta.8","@gradio/checkboxgroup@0.3.1","@gradio/checkboxgroup@0.3.2","@gradio/checkboxgroup@0.3.3","@gradio/checkboxgroup@0.3.4","@gradio/checkboxgroup@0.3.5","@gradio/checkboxgroup@0.3.6","@gradio/client@0.2.1","@gradio/client@0.3.0","@gradio/client@0.3.1","@gradio/client@0.4.0","@gradio/client@0.4.1","@gradio/client@0.4.2","@gradio/client@0.5.0","@gradio/client@0.5.1","@gradio/client@0.5.2","@gradio/client@0.6.0","@gradio/client@0.7.0","@gradio/client@0.7.0-beta.1","@gradio/client@0.7.1","@gradio/client@0.7.2","@gradio/client@0.8.0","@gradio/client@0.8.1","@gradio/client@0.8.2","@gradio/client@0.9.0","@gradio/client@0.9.1","@gradio/client@0.9.2","@gradio/code@0.2.0","@gradio/code@0.2.0-beta.8","@gradio/code@0.2.1","@gradio/code@0.2.2","@gradio/code@0.2.3","@gradio/code@0.2.4","@gradio/code@0.2.5","@gradio/code@0.2.6","@gradio/code@0.2.7","@gradio/code@0.2.8","@gradio/code@0.2.9","@gradio/code@0.3.0","@gradio/code@0.3.1","@gradio/code@0.3.2","@gradio/colorpicker@0.2.0","@gradio/colorpicker@0.2.0-beta.8","@gradio/colorpicker@0.2.1","@gradio/colorpicker@0.2.2","@gradio/colorpicker@0.2.3","@gradio/colorpicker@0.2.4","@gradio/colorpicker@0.2.5","@gradio/column@0.1.0","@gradio/column@0.1.0-beta.3","@gradio/dataframe@0.3.0","@gradio/dataframe@0.3.0-beta.8","@gradio/dataframe@0.3.1","@gradio/dataframe@0.3.10","@gradio/dataframe@0.3.11","@gradio/dataframe@0.3.2","@gradio/dataframe@0.3.3","@gradio/dataframe@0.3.4","@gradio/dataframe@0.3.5","@gradio/dataframe@0.3.6","@gradio/dataframe@0.3.7","@gradio/dataframe@0.3.8","@gradio/dataframe@0.3.9","@gradio/dataframe@0.4.0","@gradio/dataframe@0.4.1","@gradio/dataframe@0.4.2","@gradio/dataset@0.1.0","@gradio/dataset@0.1.0-beta.2","@gradio/dataset@0.1.1","@gradio/dataset@0.1.10","@gradio/dataset@0.1.11","@gradio/dataset@0.1.12","@gradio/dataset@0.1.2","@gradio/dataset@0.1.3","@gradio/dataset@0.1.4","@gradio/dataset@0.1.5","@gradio/dataset@0.1.6","@gradio/dataset@0.1.7","@gradio/dataset@0.1.8","@gradio/dataset@0.1.9","@gradio/dropdown@0.3.0","@gradio/dropdown@0.3.0-beta.8","@gradio/dropdown@0.3.1","@gradio/dropdown@0.3.2","@gradio/dropdown@0.3.3","@gradio/dropdown@0.4.0","@gradio/dropdown@0.4.1","@gradio/dropdown@0.4.2","@gradio/fallback@0.2.0","@gradio/fallback@0.2.0-beta.8","@gradio/fallback@0.2.1","@gradio/fallback@0.2.2","@gradio/fallback@0.2.3","@gradio/fallback@0.2.4","@gradio/fallback@0.2.5","@gradio/file@0.2.0","@gradio/file@0.2.0-beta.8","@gradio/file@0.2.1","@gradio/file@0.2.2","@gradio/file@0.2.3","@gradio/file@0.2.4","@gradio/file@0.2.5","@gradio/file@0.2.6","@gradio/file@0.2.7","@gradio/file@0.3.0","@gradio/file@0.3.1","@gradio/file@0.4.0","@gradio/file@0.4.1","@gradio/file@0.4.2","@gradio/form@0.1.0","@gradio/form@0.1.0-beta.7","@gradio/form@0.1.1","@gradio/form@0.1.2","@gradio/form@0.1.3","@gradio/form@0.1.4","@gradio/form@0.1.5","@gradio/gallery@0.4.0","@gradio/gallery@0.4.0-beta.9","@gradio/gallery@0.4.1","@gradio/gallery@0.4.10","@gradio/gallery@0.4.11","@gradio/gallery@0.4.12","@gradio/gallery@0.4.13","@gradio/gallery@0.4.2","@gradio/gallery@0.4.3","@gradio/gallery@0.4.4","@gradio/gallery@0.4.5","@gradio/gallery@0.4.6","@gradio/gallery@0.4.7","@gradio/gallery@0.4.8","@gradio/gallery@0.4.9","@gradio/group@0.1.0","@gradio/group@0.1.0-beta.2","@gradio/highlightedtext@0.4.0","@gradio/highlightedtext@0.4.0-beta.8","@gradio/highlightedtext@0.4.1","@gradio/highlightedtext@0.4.2","@gradio/highlightedtext@0.4.3","@gradio/highlightedtext@0.4.4","@gradio/highlightedtext@0.4.5","@gradio/html@0.1.0","@gradio/html@0.1.0-beta.8","@gradio/html@0.1.1","@gradio/html@0.1.2","@gradio/html@0.1.3","@gradio/html@0.1.4","@gradio/html@0.1.5","@gradio/icons@0.2.0","@gradio/icons@0.2.0-beta.3","@gradio/icons@0.2.1","@gradio/icons@0.3.0","@gradio/icons@0.3.1","@gradio/icons@0.3.2","@gradio/image@0.3.0","@gradio/image@0.3.0-beta.9","@gradio/image@0.3.1","@gradio/image@0.3.2","@gradio/image@0.3.3","@gradio/image@0.3.4","@gradio/image@0.3.5","@gradio/image@0.3.6","@gradio/image@0.4.0","@gradio/image@0.4.1","@gradio/image@0.4.2","@gradio/image@0.5.0","@gradio/image@0.5.1","@gradio/image@0.5.2","@gradio/imageeditor@0.0.1","@gradio/imageeditor@0.1.0","@gradio/imageeditor@0.1.1","@gradio/imageeditor@0.1.2","@gradio/imageeditor@0.1.3","@gradio/imageeditor@0.1.4","@gradio/imageeditor@0.1.5","@gradio/json@0.1.0","@gradio/json@0.1.0-beta.8","@gradio/json@0.1.1","@gradio/json@0.1.2","@gradio/json@0.1.3","@gradio/json@0.1.4","@gradio/json@0.1.5","@gradio/label@0.2.0","@gradio/label@0.2.0-beta.8","@gradio/label@0.2.1","@gradio/label@0.2.2","@gradio/label@0.2.3","@gradio/label@0.2.4","@gradio/label@0.2.5","@gradio/lite@0.3.1","@gradio/lite@0.3.2","@gradio/lite@0.4.0","@gradio/lite@0.4.1","@gradio/lite@0.4.2","@gradio/lite@0.4.3","@gradio/markdown@0.3.0","@gradio/markdown@0.3.0-beta.8","@gradio/markdown@0.3.1","@gradio/markdown@0.3.2","@gradio/markdown@0.3.3","@gradio/markdown@0.3.4","@gradio/markdown@0.4.0","@gradio/markdown@0.4.1","@gradio/markdown@0.5.0","@gradio/model3d@0.3.0","@gradio/model3d@0.3.0-beta.8","@gradio/model3d@0.3.1","@gradio/model3d@0.4.0","@gradio/model3d@0.4.1","@gradio/model3d@0.4.10","@gradio/model3d@0.4.2","@gradio/model3d@0.4.3","@gradio/model3d@0.4.4","@gradio/model3d@0.4.5","@gradio/model3d@0.4.6","@gradio/model3d@0.4.7","@gradio/model3d@0.4.8","@gradio/model3d@0.4.9","@gradio/number@0.3.0","@gradio/number@0.3.0-beta.8","@gradio/number@0.3.1","@gradio/number@0.3.2","@gradio/number@0.3.3","@gradio/number@0.3.4","@gradio/number@0.3.5","@gradio/plot@0.2.0","@gradio/plot@0.2.0-beta.8","@gradio/plot@0.2.1","@gradio/plot@0.2.2","@gradio/plot@0.2.3","@gradio/plot@0.2.4","@gradio/plot@0.2.5","@gradio/preview@0.1.0","@gradio/preview@0.1.0-beta.8","@gradio/preview@0.1.1","@gradio/preview@0.2.0","@gradio/preview@0.2.1","@gradio/preview@0.2.2","@gradio/preview@0.3.0","@gradio/preview@0.4.0","@gradio/preview@0.5.0","@gradio/preview@0.6.0","@gradio/radio@0.3.0","@gradio/radio@0.3.0-beta.8","@gradio/radio@0.3.1","@gradio/radio@0.3.2","@gradio/radio@0.3.3","@gradio/radio@0.3.4","@gradio/radio@0.3.5","@gradio/radio@0.3.6","@gradio/row@0.1.0","@gradio/row@0.1.0-beta.2","@gradio/row@0.1.1","@gradio/simpledropdown@0.1.0","@gradio/simpledropdown@0.1.0-beta.3","@gradio/simpledropdown@0.1.1","@gradio/simpledropdown@0.1.2","@gradio/simpledropdown@0.1.3","@gradio/simpledropdown@0.1.4","@gradio/simpledropdown@0.1.5","@gradio/simpletextbox@0.1.0","@gradio/simpletextbox@0.1.0-beta.2","@gradio/simpletextbox@0.1.1","@gradio/simpletextbox@0.1.2","@gradio/simpletextbox@0.1.3","@gradio/simpletextbox@0.1.4","@gradio/simpletextbox@0.1.5","@gradio/slider@0.2.0","@gradio/slider@0.2.0-beta.8","@gradio/slider@0.2.1","@gradio/slider@0.2.2","@gradio/slider@0.2.3","@gradio/slider@0.2.4","@gradio/slider@0.2.5","@gradio/state@0.1.0","@gradio/state@0.1.0-beta.2","@gradio/statustracker@0.3.0","@gradio/statustracker@0.3.0-beta.8","@gradio/statustracker@0.3.1","@gradio/statustracker@0.3.2","@gradio/statustracker@0.4.0","@gradio/statustracker@0.4.1","@gradio/statustracker@0.4.2","@gradio/tabitem@0.1.0","@gradio/tabitem@0.1.0-beta.8","@gradio/tabs@0.1.0","@gradio/tabs@0.1.0-beta.8","@gradio/textbox@0.4.0","@gradio/textbox@0.4.0-beta.8","@gradio/textbox@0.4.1","@gradio/textbox@0.4.2","@gradio/textbox@0.4.3","@gradio/textbox@0.4.4","@gradio/textbox@0.4.5","@gradio/textbox@0.4.6","@gradio/theme@0.2.0","@gradio/theme@0.2.0-beta.2","@gradio/tooltip@0.1.0","@gradio/tooltip@0.1.0-beta.2","@gradio/tootils@0.1.0","@gradio/tootils@0.1.0-beta.7","@gradio/tootils@0.1.1","@gradio/tootils@0.1.2","@gradio/tootils@0.1.3","@gradio/tootils@0.1.4","@gradio/tootils@0.1.5","@gradio/tootils@0.1.6","@gradio/upload@0.3.0","@gradio/upload@0.3.0-beta.6","@gradio/upload@0.3.1","@gradio/upload@0.3.2","@gradio/upload@0.3.3","@gradio/upload@0.4.0","@gradio/upload@0.4.1","@gradio/upload@0.4.2","@gradio/upload@0.5.0","@gradio/upload@0.5.1","@gradio/upload@0.5.2","@gradio/upload@0.5.3","@gradio/upload@0.5.4","@gradio/upload@0.5.5","@gradio/uploadbutton@0.1.0","@gradio/uploadbutton@0.1.0-beta.7","@gradio/uploadbutton@0.1.1","@gradio/uploadbutton@0.1.2","@gradio/uploadbutton@0.1.3","@gradio/uploadbutton@0.1.4","@gradio/uploadbutton@0.1.5","@gradio/uploadbutton@0.2.0","@gradio/uploadbutton@0.2.1","@gradio/uploadbutton@0.2.2","@gradio/uploadbutton@0.3.0","@gradio/uploadbutton@0.3.1","@gradio/uploadbutton@0.3.2","@gradio/uploadbutton@0.3.3","@gradio/utils@0.2.0","@gradio/utils@0.2.0-beta.6","@gradio/video@0.1.0","@gradio/video@0.1.0-beta.9","@gradio/video@0.1.1","@gradio/video@0.1.2","@gradio/video@0.1.3","@gradio/video@0.1.4","@gradio/video@0.1.5","@gradio/video@0.1.6","@gradio/video@0.1.7","@gradio/video@0.1.8","@gradio/video@0.1.9","@gradio/video@0.2.0","@gradio/video@0.2.1","@gradio/video@0.2.2","@gradio/wasm@0.2.0","@gradio/wasm@0.2.0-beta.2","@gradio/wasm@0.3.0","@gradio/wasm@0.4.0","gradio@3.41.0","gradio@3.41.1","gradio@3.41.2","gradio@3.42.0","gradio@3.43.0","gradio@3.43.1","gradio@3.43.2","gradio@3.44.0","gradio@3.44.1","gradio@3.44.2","gradio@3.44.3","gradio@3.44.4","gradio@3.45.0","gradio@3.45.1","gradio@3.45.2","gradio@3.46.0","gradio@3.46.1","gradio@3.47.0","gradio@3.47.1","gradio@3.48.0","gradio@3.49.0","gradio@3.50.0","gradio@3.50.1","gradio@3.50.2","gradio@4.0.0","gradio@4.0.0-beta.15","gradio@4.0.1","gradio@4.0.2","gradio@4.1.0","gradio@4.1.1","gradio@4.1.2","gradio@4.10.0","gradio@4.2.0","gradio@4.3.0","gradio@4.4.0","gradio@4.4.1","gradio@4.5.0","gradio@4.6.0","gradio@4.7.0","gradio@4.8.0","gradio@4.9.0","gradio@4.9.1","gradio_client@0.5.0","gradio_client@0.5.1","gradio_client@0.5.2","gradio_client@0.5.3","gradio_client@0.6.0","gradio_client@0.6.1","gradio_client@0.7.0","gradio_client@0.7.0-beta.2","gradio_client@0.7.1","gradio_client@0.7.2","gradio_client@0.7.3","v3.41.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-1183.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}