A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server crash and causing a denial of service.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HGradio Project Gradio
APPGradio Project2024-09-18
Powiązane podatności
Code injection w Gradio v4.36.1 via component_meta.py
Command Injection w workflow CI/CD repozytorium Gradio (GitHub Actions)
Path Traversal (LFI) w Gradio poprzez złośliwą wartość JSON w API
Gradio before 6.16.0 contain a path traversal vulnerability in the FileExplorer component's preprocess() metho...
Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform...