ГлавнаяУязвимости → CVE-2024-8966
7.5высокая

CVE-2024-8966

Описание

A vulnerability in the file upload process of gradio-app/gradio version @gradio/video@0.10.2 allows for a Denial of Service (DoS) attack. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each character and issue warnings. This can render Gradio inaccessible for extended periods, disrupting services and causing significant downtime.

Затрагиваемое ПО
Gradio Video
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Источники
https://github.com/gradio-app/gradio/commit/f1718c47137f9c60240da7afe5e3290aa0f1cb47https://huntr.com/bounties/7b5932bb-58d1-4e71-b85c-43dc40522ff2https://huntr.com/bounties/7b5932bb-58d1-4e71-b85c-43dc40522ff2