CVE-2024-8966

A vulnerability in the file upload process of gradio-app/gradio version @gradio/video@0.10.2 allows for a Denial of Service (DoS) attack. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each character and issue warnings. This can render Gradio inaccessible for extended periods, disrupting services and causing significant downtime.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/7b5932bb-58d1-4e71-b85c-43dc40522ff2	Exploit
https://huntr.com/bounties/7b5932bb-58d1-4e71-b85c-43dc40522ff2	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:gradio:video:0.10.2:*:*:*:*:gradio:*:*

History

01 Apr 2025, 20:30

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
References	~~() https://huntr.com/bounties/7b5932bb-58d1-4e71-b85c-43dc40522ff2 -~~	() https://huntr.com/bounties/7b5932bb-58d1-4e71-b85c-43dc40522ff2 - Exploit
CPE		cpe:2.3:a:gradio:video:0.10.2:::::gradio::
First Time		Gradio Gradio video

20 Mar 2025, 16:15

Type	Values Removed	Values Added
References	~~() https://huntr.com/bounties/7b5932bb-58d1-4e71-b85c-43dc40522ff2 -~~	() https://huntr.com/bounties/7b5932bb-58d1-4e71-b85c-43dc40522ff2 -
Summary		(es) Una vulnerabilidad en el proceso de carga de archivos de gradio-app/gradio versión @gradio/video@0.10.2 permite un ataque de denegación de servicio (DoS). Un atacante puede añadir una gran cantidad de caracteres al final de un límite multiparte, lo que provoca que el sistema procese continuamente cada carácter y emita advertencias. Esto puede dejar a Gradio inaccesible durante periodos prolongados, interrumpiendo los servicios y provocando un tiempo de inactividad significativo.

20 Mar 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-20 10:15

Updated : 2025-04-01 20:30

NVD link : CVE-2024-8966

Mitre link : CVE-2024-8966

CVE.ORG link : CVE-2024-8966

JSON object : View

Products Affected

gradio

video

CWE

CWE-400

Uncontrolled Resource Consumption

NVD-CWE-noinfo

{"id": "CVE-2024-8966", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-20T10:15:45.340", "references": [{"url": "https://huntr.com/bounties/7b5932bb-58d1-4e71-b85c-43dc40522ff2", "tags": ["Exploit"], "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/7b5932bb-58d1-4e71-b85c-43dc40522ff2", "tags": ["Exploit"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the file upload process of gradio-app/gradio version @gradio/video@0.10.2 allows for a Denial of Service (DoS) attack. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each character and issue warnings. This can render Gradio inaccessible for extended periods, disrupting services and causing significant downtime."}, {"lang": "es", "value": "Una vulnerabilidad en el proceso de carga de archivos de gradio-app/gradio versi\u00f3n @gradio/video@0.10.2 permite un ataque de denegaci\u00f3n de servicio (DoS). Un atacante puede a\u00f1adir una gran cantidad de caracteres al final de un l\u00edmite multiparte, lo que provoca que el sistema procese continuamente cada car\u00e1cter y emita advertencias. Esto puede dejar a Gradio inaccesible durante periodos prolongados, interrumpiendo los servicios y provocando un tiempo de inactividad significativo."}], "lastModified": "2025-04-01T20:30:12.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gradio:video:0.10.2:*:*:*:*:gradio:*:*", "vulnerable": true, "matchCriteriaId": "A1A0C389-21D5-42BC-9E24-9B1BD2614543"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}