CVE-2024-4325: A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within t
Summary
A Server-Side Request Forgery (SSRF) vulnerability, in which a server can be tricked into making requests to unintended locations, exists in Gradio version 4.21.0, in the `/queue/join` endpoint and the `save_url_to_cache` function. It occurs because user-supplied URL input is not properly validated before being used to make HTTP requests, allowing attackers to access internal networks or sensitive cloud server information.
Vulnerability Details
8.6 (high)
EPSS: 65.1%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-4325
First tracked: February 15, 2026 at 08:47 PM