exploitDog

CVE-2024-10648

Опубликовано: 20 мар. 2025

Источник: nvd

CVSS3: 8.2

EPSS Низкий

Описание

A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerability allows an attacker to control the format of the audio file, leading to arbitrary file content deletion. By manipulating the output format, an attacker can reset any file to an empty file, causing a denial of service (DOS) on the server.

Ссылки

https://huntr.com/bounties/667d664d-8189-458c-8ed7-483fe8f33c76
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gradio_project:gradio:2024-09-18:*:*:*:*:python:*:*

EPSS

Процентиль: 48%

0.00245

Низкий

8.2 High

CVSS3

Дефекты

CWE-29

Связанные уязвимости

GHSA-pgfv-gvc5-prfg

CVSS3: 8.2

github

11 месяцев назад

Gradio Vulnerable to Arbitrary File Deletion

EPSS

Процентиль: 48%

0.00245

Низкий

8.2 High

CVSS3

Дефекты

CWE-29