Description

A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server crash and causing a denial of service.

INFO

Published Date :

2025-03-20T10:10:57.236Z

Last Modified :

2025-03-20T17:53:15.263Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-10569 vulnerability.

Vendors Products
Gradio Project
  • Gradio
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-10569.

URL Resource
https://huntr.com/bounties/7192bcbb-08a3-4d22-a321-9c6d19dbfc74 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact