HIGHπŸ‡΅πŸ‡± Wersja polska

CVE-2024-10569

CVSS 7.5v3.0pub. 2025-03-20upd. 2025-10-07

A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server crash and causing a denial of service.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Gradio Project Gradio

    APP
    Gradio Project
    2024-09-18
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2024-39236CRITICAL9.8PL βœ“ten sam produkt

Code injection w Gradio v4.36.1 via component_meta.py

CVE-2024-4253CRITICAL9.1PL βœ“ten sam produkt

Command Injection w workflow CI/CD repozytorium Gradio (GitHub Actions)

CVE-2024-0964CRITICAL9.4PL βœ“ten sam produkt

Path Traversal (LFI) w Gradio poprzez zΕ‚oΕ›liwΔ… wartoΕ›Δ‡ JSON w API

CVE-2026-49119HIGH8.7ten sam produkt

Gradio before 6.16.0 contain a path traversal vulnerability in the FileExplorer component's preprocess() metho...

CVE-2026-48545HIGH7.6ten sam produkt

Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform...

CVE-2024-10569 β€” Gradio Project β€” Gradio β€” HIGH β€” CVSS 7.5 | CVEbaza.pl