HIGH 7.5

GHSA-5cpq-9538-jm2j

Gradio DOS in multipart boundry while uploading the file

Details

A vulnerability in the file upload process of gradio-app/gradio version @gradio/video@0.10.2 allows for a Denial of Service (DoS) attack. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each character and issue warnings. This can render Gradio inaccessible for extended periods, disrupting services and causing significant downtime.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / gradio

Introduced in: 0

No fixed version published yet for gradio (pip). Pin to a known-safe version or switch to an alternative.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-8966 [ADVISORY]
https://github.com/gradio-app/gradio/commit/f1718c47137f9c60240da7afe5e3290aa0f1cb47 [WEB]
https://github.com/gradio-app/gradio [PACKAGE]
https://huntr.com/bounties/7b5932bb-58d1-4e71-b85c-43dc40522ff2 [WEB]