2024-04-16 00:00:14
@huntr_ai
PUBLISHED
An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the file parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a Location header or a File not allowed error in the response.