ГлавнаяУязвимости → CVE-2024-10648
8.2высокая

CVE-2024-10648

Описание

A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerability allows an attacker to control the format of the audio file, leading to arbitrary file content deletion. By manipulating the output format, an attacker can reset any file to an empty file, causing a denial of service (DOS) on the server.

Затрагиваемое ПО
Gradio project Gradio
CVSS
Балл8.2 — высокая
ВекторCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Источники
https://huntr.com/bounties/667d664d-8189-458c-8ed7-483fe8f33c76