HIGH🇬🇧 English

CVE-2024-10569

CVSS 7.5v3.0pub. 2025-03-20upd. 2025-10-07

A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server crash and causing a denial of service.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Gradio Project Gradio

    APP
    Gradio Project
    2024-09-18
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2024-39236CRITICAL9.8PL ✓ten sam produkt

Code injection w Gradio v4.36.1 via component_meta.py

CVE-2024-4253CRITICAL9.1PL ✓ten sam produkt

Command Injection w workflow CI/CD repozytorium Gradio (GitHub Actions)

CVE-2024-0964CRITICAL9.4PL ✓ten sam produkt

Path Traversal (LFI) w Gradio poprzez złośliwą wartość JSON w API

CVE-2026-49119HIGH8.7ten sam produkt

Gradio before 6.16.0 contain a path traversal vulnerability in the FileExplorer component's preprocess() metho...

CVE-2026-48545HIGH7.6ten sam produkt

Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform...