CVE-2024-10569
HIGHDescription
A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server crash and causing a denial of service.
Is your site exposed to CVE-2024-10569?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| gradio_project | gradio |
References
Frequently Asked Questions
What is CVE-2024-10569? +
How severe is CVE-2024-10569? +
What products are affected by CVE-2024-10569? +
How do I check if I'm vulnerable to CVE-2024-10569? +
Related Vulnerabilities
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service …
A Local File Inclusion vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to …
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) …
A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. …
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure …
An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to …