CVE-2024-10624

High CVSS: 7.5

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the gradio-app/gradio repository, affecting the gr.Datetime component. The affected version is git commit 98cbcae. The vulnerability arises from the use of a regular expression `^(?:\s*now\s*(?:-\s*(\d+)\s*([dmhs]))?)?\s*$` to process user input. In Python's default regex engine, this regular expression can take polynomial time to match certain crafted inputs. An attacker can exploit this by sending a crafted HTTP request, causing the gradio process to consume 100% CPU and potentially leading to a Denial of Service (DoS) condition on the server.

Vendor

Gradio Project

Product

Gradio

CWE

CWE-1333

Yayın Tarihi

2025-03-20 10:15:17

Güncelleme

2025-10-15 13:15:36

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-1333 Gradio HIGH Gradio Project 2025

Referanslar

https://huntr.com/bounties/e8d0b248-8feb-4c23-9ef9-be4d1e868374

Benzer Kayıtlar

High

CVE-2026-28414

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Win…

Medium

CVE-2026-28415

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target(…

High

CVE-2026-28416

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Fo…

Unknown

CVE-2026-27167

Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version…

Medium

CVE-2025-48889

Gradio is an open-source Python package that allows quick building of demos and web application for machine learning mod…

High

CVE-2025-0187

A Denial of Service (DoS) vulnerability was discovered in the file upload feature of gradio-app/gradio version 0.39.1. T…