Description

A vulnerability in the file upload process of gradio-app/gradio version @gradio/video@0.10.2 allows for a Denial of Service (DoS) attack. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each character and issue warnings. This can render Gradio inaccessible for extended periods, disrupting services and causing significant downtime.

PUBLISHED Reserved 2024-09-17 | Published 2025-03-20 | Updated 2025-10-15 | Assigner @huntr_ai




HIGH: 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-770 Allocation of Resources Without Limits or Throttling

Product status

Any version before 5.9: affected

References

huntr.com/bounties/7b5932bb-58d1-4e71-b85c-43dc40522ff2 exploit

huntr.com/bounties/7b5932bb-58d1-4e71-b85c-43dc40522ff2

github.com/...ommit/f1718c47137f9c60240da7afe5e3290aa0f1cb47

cve.org (CVE-2024-8966)

nvd.nist.gov (CVE-2024-8966)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.