CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-10569

A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server crash and causing a denial of service.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 36.6%

CVSS Severity

CVSS v3 Score 7.5

References

https://huntr.com/bounties/7192bcbb-08a3-4d22-a321-9c6d19dbfc74
https://huntr.com/bounties/7192bcbb-08a3-4d22-a321-9c6d19dbfc74

Products affected by CVE-2024-10569

Gradio Project » Gradio » Version: 2024-09-18

cpe:2.3:a:gradio_project:gradio:2024-09-18

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-10569

Products

Pricing

Contact Us