URGENT: CVE's/vulns Present, Update Dependencies

#155

Your current dependency versions are dangerously out of date.

This PR updates the Docker image to use CUDA 12.8 and Ubuntu 24.04 (the new LTS). 22.04 is not EOL yet (EOL in April 2027); while I did not check whether CUDA 11.8 is EOL, I highly suspect it is EOL and not getting security updates.

I also updated the pip dependency 'gradio_huggingfacehub_search' to 0.0.8, incrementing the patch version by 1 (upstream latest is 0.0.12).

And updated Python from 3.10.11 to 3.11 (note that your current version is 6 security patch versions behind, and has some CVEs which may apply to the 'subprocess' and hashing standard libraries used).

I did not specify a patch version, because all future patches to 3.11 are security only; if anything did break due to a security patch it would probably be a good thing. 'subprocess' and other system-level stdlib modules get CVEs frequently.

I noticed the dependencies on this project were very outdated; a lot of the deps are EOL. Please note I didn't have time to migrate everything, and I have found that multiple critical CVEs still apply to Gradio (v4); as v5 is the new stable I would recommend migrating.

"gradio[oauth]>=4.28.0" -> it's pinned to v4.
"gradio_huggingfacehub_search==0.0.8" -> I incremented the version by one, but it's still 3 months outdated at time of writing. I didn't upgrade to 0.0.12 because there were some label overlay issues with the text "Quantization Method"; I assume it would be easy to fix that.

Assuming this PR gets merged, my remaining concerns would be the gradio version and 'gradio_huggingfacehub_search'.

Hmm why?

(Asking this because your PR was empty)

Hmm why?

Mostly for security reasons; it also might help performance. I did test it with various LLM models, even vision ones.

I would advise these dependencies get updated soon, particularly the Python version, CUDA version and gradio version, because they are either unpatched (patch version not updated) or EOL.

If you would like, I could demonstrate a PoC exploit sometime, privately on a duplicate Space.

Seeing as this Space asks for OAuth access to users' accounts and also uses a fair amount of compute, etc., the risks of an RCE are moderate to high.

Impulse2000 changed pull request status to open

Secondly, the only non-version-bump change I made was changing RUN useradd -m -u 1000 user to RUN id -u 1000 &>/dev/null || useradd -m -u 1000 user
This is because when running locally I was getting an issue implying the user was taken, etc. If you want, I can revert those 2 lines as they don't relate to the version bump itself. Either way I don't think it hurts performance or compatibility.

Also, gradio still needs to be updated to v5, and gradio_huggingfacehub_search may need to be updated (I haven't checked the source code of that dependency yet for possible exploitable issues). Those are outside the scope of this PR, as it took a while to stress test this PR and major Python code changes might slow down the approval process.

If you want to see the CVEs, I recommend using pip-audit and similar tools for Docker image security analysis; I won't mention the specific applicable CVEs, etc. here for obvious reasons.

If you want to discuss this privately, you can email me at '[email protected]'; I am also on Discord and similar platforms if you prefer them. I can email you further info if you wish.
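A POSIX sh version of the guarded useradd described above, as an added example rather than the PR's own Dockerfile line (the uid_exists and ensure_user helper names are mine). The `&>` redirection in the quoted line is bash-specific, so this version uses `>/dev/null 2>&1`, which also behaves correctly when a Dockerfile RUN step executes under /bin/sh.

```shell
#!/bin/sh
# Idempotent user creation for a Dockerfile RUN step (added example, not the PR's code).
# Written in POSIX sh so it behaves the same whether RUN uses /bin/sh or bash.

# Return 0 if some account already owns the given numeric UID, 1 otherwise.
uid_exists() {
    # `id -u` resolves a numeric UID against the passwd database. stderr is
    # silenced with POSIX `2>&1`; the bash-only `&>` is not a redirection in
    # /bin/sh, where `cmd &>/dev/null || x` backgrounds cmd and never runs x.
    id -u "$1" >/dev/null 2>&1
}

# Create the account only when the UID is free. Returns 0 when the UID is
# already taken (nothing to do) or the account was created, non-zero only if
# useradd itself fails. Running it twice is therefore safe.
ensure_user() {
    uid="$1"
    name="$2"
    if uid_exists "$uid"; then
        echo "uid $uid already taken by $(id -un "$uid"); skipping useradd"
        return 0
    fi
    useradd -m -u "$uid" "$name"
}

# Equivalent single Dockerfile line:
#   RUN id -u 1000 >/dev/null 2>&1 || useradd -m -u 1000 user
```

The ubuntu:24.04 base image already ships an `ubuntu` account at UID 1000, which is the usual reason a bare `useradd -u 1000` fails there.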

Hello @ngxson , could you let me know how we should proceed?

I.e., what needs to be done for this to be merged.
I realize I only opened this yesterday and appreciate your time; however, based on the current security situation I would like this PR to be fast-tracked if possible. Tomorrow I have set aside some time between work shifts to focus on this PR, to address any issues and do further testing if needed.

The current state of the PR, based on my tests, is that it can be merged as is. I can do further testing if you prefer.

I also, as a side note, noticed there is no license in this repo (pertaining to the code) that I could find, so to avoid copyright issues I would recommend you add a license (ideally a libre one). I could append my name to the top of the file to resolve any licensing issues (depending on what the license requests for contributors).
As the repo is, with no license file, under the Berne Convention the copyright defaults to "All Rights Reserved" (for almost every country, bar five or six countries who never signed it). The Hugging Face terms may allow redistribution and such, but it appears to be non-free software as of right now.

P.S.: thanks for developing this tool; I use it regularly and it's very good. It's basically the go-to Space for many people on Hugging Face, and I would like to extend my gratitude to you and all the other contributors who make this possible.

Impulse2000 changed pull request title from URGENT: Update Dependencies to URGENT: CVE's/vulns Present, Update Dependencies

Hey @ngxson , @ggerganov , and @pcuenq ,

Could you take a look at this PR when you have a moment? I know I've been commenting a lot, but I'm concerned about the security implications of the outdated dependencies.

As it stands, I believe this PR is ready to merge. It's a significant improvement, mostly on the security front, but likely performance as well due to the major CUDA version bump. Although it doesn't fix everything (Gradio 4 is EOL), it's a good start.

Please raise any concerns or changes needed. I am happy to address them ASAP; initial testing raises no issues.

If needed, tomorrow I will start drafting a vulnerability disclosure report that I'll send privately via email once completed, following ISO/IEC 29147:2018 guidelines (and the 90-day disclosure timeline from the llama.cpp policy, assuming it applies here). I will send it to the most relevant org email address once I establish what that address is.

I do also need to, at minimum, raise concern and strongly recommend adding a license to the repo. Without one, it defaults to "All Rights Reserved" (under the Berne Convention) copyright for each contributor, which might cause headaches further down the line. Here's my copyright line if you need it:

Copyright (C) 2025 James David Clarke <[email protected]>

Many thanks,
James David Clarke

EDIT: As an addendum, please see this resource for why "no license" may be problematic: https://choosealicense.com/no-permission/

We can merge this if someone can confirm that it does not break anything.

Can you simply confirm that you tested it locally?

Re license: something like MIT works well enough (add a PR if you want).

If you want to get credit, I think you can simply add a credit section with your name at the beginning of the Dockerfile.
