CVE-2024-10648
HIGH8.2EPSS 0.25%Gradio Vulnerable to Arbitrary File Deletion
發布日:2025/3/20修改日:2025/3/20
描述
A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerability allows an attacker to control the format of the audio file, leading to arbitrary file content deletion. By manipulating the output format, an attacker can reset any file to an empty file, causing a denial of service (DOS) on the server.
受影響套件(1)
- PyPI/gradio>= 4.0.0, <= 5.0.0b2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.2 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H |