Trail of Bits

Hugging Face Gradio

Type: Security review

Client: Hugging Face

Date: 2024-07

Domain: AppSec

Effort: 4 wks

Section: Technology Product Reviews

Trail of Bits's security review of Hugging Face (Jul 2024) identified 27 issues: 8 high, 1 medium, 11 low, 6 informational, and 1 undetermined.

Findings · 27

  1. CORS origin validation is not performed when the request has a cookie (High)
  2. CORS origin validation accepts the null origin (High)
  3. SSRF in the path parameter of /queue/join (High)
  4. The is_in_or_equal function may be bypassed (Low)
  5. Incorrect Range header validation (Informational)
  6. The enable_monitoring flag set to False does not disable monitoring (Low)
  7. One-level write path traversals in /upload (Informational)
  8. One-level read path traversal in /custom_component (Low)
  9. Re-implementation of several security-critical functions related to paths (Informational)
  10. XSS on every Gradio server via upload of HTML files, JS files, or SVG files (High)
  11. Insecure communication between the FRP client and server (High)
  12. IP spoofing (Low)
  13. Race condition in update_root_in_config may redirect user trac (High)
  14. Non-constant-time comparison when comparing hashes (Low)
  15. Dropdown component pre-process step does not limit the values to those in the dropdown list (Low)
  16. Several components’ post-process steps may allow arbitrary file leaks (High)
  17. Lack of integrity check on the downloaded FRP client (Low)
  18. The unvalidated remote_host parameter from the external resource is passed as an argument when running the FRP client binary (Low)
  19. Nginx configuration allows access to any localhost service (High)
  20. Secrets stored in the gradio-api-server repository (Low)
  21. Slack secret stored in Hugging Face’s public frp fork repository (Undetermined)
  22. Insecure permissions on the Nginx configuration files (Low)
  23. Exposed upload and file endpoints in Gradio with OAuth (Medium)
  24. The remove_html_tags function does not remove all HTML tags (Informational)
  25. Unpinned external GitHub CI/CD action versions (Low)
  26. Incorrect conditional expression in GitHub Actions workflow (Informational)
  27. Potential command injection in Delete Stale Spaces GitHub Actions Workflow (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.
