CVE-2024-10648

HIGH

Gradio - Denial of Service

Title source: rule

Description

A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. An attacker can control the format of the audio file, which leads to arbitrary file content deletion: by manipulating the output format, the attacker can reset any file to an empty file, causing a denial of service (DoS) on the server.

Scores

CVSS v3 8.2
EPSS 0.0034
EPSS Percentile 56.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-29
Status published
Products (2)
gradio_project/gradio 2024-09-18
pypi/gradio 4.0.0 (PyPI)
Published Mar 20, 2025
Tracked Since Feb 18, 2026