CVE-2024-10569

High CVSS: 7.5

A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server crash and causing a denial of service.

Vendor

Gradio Project

Product

Gradio

CWE

CWE-475

Yayın Tarihi

2025-03-20 10:15:17

Güncelleme

2025-10-07 20:58:52

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-475 Gradio HIGH Gradio Project 2025

Referanslar

https://huntr.com/bounties/7192bcbb-08a3-4d22-a321-9c6d19dbfc74 https://huntr.com/bounties/7192bcbb-08a3-4d22-a321-9c6d19dbfc74

Benzer Kayıtlar

High

CVE-2026-28414

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Win…

Medium

CVE-2026-28415

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target(…

High

CVE-2026-28416

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Fo…

Unknown

CVE-2026-27167

Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version…

Medium

CVE-2025-48889

Gradio is an open-source Python package that allows quick building of demos and web application for machine learning mod…

High

CVE-2025-0187

A Denial of Service (DoS) vulnerability was discovered in the file upload feature of gradio-app/gradio version 0.39.1. T…