CVE-2026-48545
Status: Analyzed - Analysis Complete
Cookie Injection in Gradio Before 6.15.0

Publication date: 2026-05-27

Last updated on: 2026-06-02

Assigner: VulnCheck

Description
Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across all users in the reverse proxy endpoint. Attackers controlling any HF Space can return a parent-domain cookie that the shared client stores and automatically replays into all subsequent proxy requests to other legitimate Spaces, affecting all users of the same Gradio deployment.
Meta Information
Generated: 2026-06-17
AI Q&A: 2026-05-28
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: gradio_project
Product: gradio
Version / Range: up to 6.15.0 (exclusive)
CWE-384 (Session Fixation): Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
Compliance Impact

The vulnerability allows cross-Space session fixation by enabling attackers to inject and replay parent-domain cookies across different user sessions within the same Gradio deployment. This can lead to unauthorized access to user sessions and potential leakage of sensitive information.

Such unauthorized access and session hijacking can compromise user data confidentiality and integrity, which are critical requirements under common standards and regulations like GDPR and HIPAA.

Therefore, this vulnerability could negatively impact compliance with these regulations by exposing personal or sensitive data to unauthorized parties through session fixation attacks.

Executive Summary

This vulnerability exists in Gradio versions before 6.15.0 and involves a cookie injection issue in the reverse proxy endpoint used by Gradio's /proxy= functionality.

The problem arises because a shared HTTP client (httpx.AsyncClient) is used across all users and Spaces, which stores and replays cookies, including those with a parent-domain scope (e.g., Domain=hf.space).

An attacker controlling any malicious Hugging Face Space can inject a parent-domain cookie that the shared client stores and automatically sends with all subsequent proxy requests to other legitimate Spaces.

This allows cross-Space session fixation, meaning an attacker can hijack or fixate sessions across different Spaces within the same Gradio deployment.

Impact Analysis

The vulnerability can lead to cross-Space session fixation attacks, where an attacker can hijack user sessions across different Spaces hosted on the same Gradio deployment.

This means that if you are using Gradio to host multiple Spaces, an attacker controlling one Space can inject cookies that affect users accessing other Spaces, potentially gaining unauthorized access or impersonating users.

Such session fixation can compromise user security and privacy by allowing attackers to manipulate or steal session information.

Detection Guidance

Detecting exploitation of this vulnerability involves monitoring the responses that flow through the proxy endpoint for cookies carrying a parent-domain attribute (e.g., Domain=hf.space) that would then be shared across different Spaces. Since the vulnerability exploits the shared cookie jar behind the /proxy= endpoint, a Set-Cookie header with Domain=hf.space in the response from any Space is a strong indicator of exploitation.

One approach is to capture and inspect HTTP traffic to the /proxy= endpoint for suspicious Set-Cookie headers that specify the parent domain. Tools like curl or HTTP debugging proxies can be used.

  • Use curl to inspect Set-Cookie headers from a Space: curl -I https://<space-domain>/proxy=<target>
  • Use a network traffic capture tool (e.g., Wireshark or tcpdump) to monitor HTTP responses for Set-Cookie headers with Domain=hf.space.
  • Check logs or proxy request headers for cookie reuse across different Spaces, which may indicate cookie injection and replay.

Mitigation Strategies

The primary mitigation is to upgrade Gradio to version 6.15.0 or later, where the vulnerability has been fixed by isolating cookie jars per proxy request and preventing cookie sharing across Spaces.

The fix involves replacing the shared httpx.AsyncClient with a per-request client that discards cookies after each request, preventing cross-Space cookie injection and session fixation.

Since the fix is server-side and does not change the public API, upgrading the Gradio deployment is the recommended immediate action.
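The shared-jar hazard and the per-request isolation described above, reproduced offline with the standard library's http.cookiejar (the cookie-jar implementation httpx wraps). This is an added example, not Gradio's code: the Space host names and the cookie value are constructed, and parent_domain_cookies is a hypothetical helper for the Set-Cookie check from the Detection Guidance section.

```python
import http.cookiejar
import types
import urllib.request
from email.message import Message

# Constructed host names; hf.space is the parent domain named in the advisory.
ATTACKER_SPACE = "https://attacker-space.hf.space/"
VICTIM_SPACE = "https://victim-space.hf.space/"
PARENT_DOMAIN_COOKIE = "session=fixated; Domain=hf.space; Path=/"


def _response(set_cookie_headers):
    """Stand-in response: CookieJar.extract_cookies() only needs .info() -> headers."""
    msg = Message()
    for value in set_cookie_headers:
        msg["Set-Cookie"] = value  # Message appends repeated headers
    return types.SimpleNamespace(info=lambda: msg)


def proxied_request(jar, url, set_cookie_headers=()):
    """One proxied fetch: replay cookies in `jar`, store what the Space returns, return the Cookie header sent (or None)."""
    req = urllib.request.Request(url)
    jar.add_cookie_header(req)
    sent = req.get_header("Cookie")
    jar.extract_cookies(_response(set_cookie_headers), req)
    return sent


def shared_client_replays():
    """Pre-6.15.0 shape: one module-level jar shared by every user and every Space."""
    shared_jar = http.cookiejar.CookieJar()
    proxied_request(shared_jar, ATTACKER_SPACE, [PARENT_DOMAIN_COOKIE])
    # A later request, by any user, to an unrelated Space now carries that cookie.
    return proxied_request(shared_jar, VICTIM_SPACE)


def per_request_client_isolates():
    """Fixed shape: a fresh jar for each request, discarded when it completes."""
    proxied_request(http.cookiejar.CookieJar(), ATTACKER_SPACE, [PARENT_DOMAIN_COOKIE])
    return proxied_request(http.cookiejar.CookieJar(), VICTIM_SPACE)


def parent_domain_cookies(responding_host, set_cookie_headers):
    """Detection aid (hypothetical): Set-Cookie values whose Domain is a parent of the responding host."""
    host = responding_host.lower()
    flagged = []
    for value in set_cookie_headers:
        for attr in value.split(";")[1:]:
            name, _, domain = attr.strip().partition("=")
            domain = domain.strip().lstrip(".").lower()
            if name.lower() == "domain" and domain != host and host.endswith("." + domain):
                flagged.append(value)
    return flagged
```

With a shared jar the second call returns "session=fixated" for the unrelated Space; with a jar per request it returns None.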
