CVE-2024-1183: Gradio utils.validate_url SSRF

The `utils.validate_url` function in Gradio performs an active HTTP request to validate a URL. Passing user-controlled input to this function enables Server-Side Request Forgery (SSRF) attacks. Use static lexical validation implementations instead.

Provally Curated | Public repository | Medium | Medium confidence | Verified | Apache-2.0 | Python
greprules fetch cve-2024-1183-gradio-utils-validate-url-ssrf --engine opengrep
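
A lexical check of the kind the description recommends, as an added example (not Gradio's code and not part of the rule). The helper name `is_lexically_valid_url`, the scheme allow-list and the sample URLs are assumptions made here; the function parses the string and never opens a connection.

```python
import ipaddress
import re
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only web URLs are expected
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def is_lexically_valid_url(candidate: str) -> bool:
    """Check URL syntax only; nothing is resolved or fetched (hypothetical helper)."""
    if not isinstance(candidate, str) or not candidate:
        return False
    # Whitespace and control characters are never valid inside a URL.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in candidate):
        return False
    try:
        parts = urlsplit(candidate)
        _ = parts.port  # property access raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return False
    if parts.username is not None or parts.password is not None:
        return False  # userinfo makes the real host easy to misread
    host = parts.hostname  # already lower-cased by urlsplit
    try:
        # IP literals: accept only globally routable addresses.
        return ipaddress.ip_address(host).is_global
    except ValueError:
        pass  # not an IP literal, so treat it as a DNS name
    if host.endswith("."):
        host = host[:-1]
    labels = host.split(".")
    if len(host) > 253 or labels[-1] == "localhost":
        return False
    # Every label must be a plain ASCII DNS label (IDNs only as punycode), and
    # the last one must start with a letter, since some URL parsers read
    # numeric-looking final labels as IP addresses.
    if not all(LABEL.fullmatch(label) for label in labels):
        return False
    return labels[-1][0].isalpha()


# Constructed sample inputs, not taken from the advisory.
SAMPLES = ["https://example.com/a.png", "http://169.254.169.254/", "file:///etc/passwd"]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, is_lexically_valid_url(url))
```

A DNS name is accepted on syntax alone; where it resolves is outside what a lexical check can see.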
