Security Advisory

CVE-2024-10569

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-20 10:10:57

Last updated 2025-03-20 17:53:15

Assigner @huntr_ai

State PUBLISHED

Description

A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server crash and causing a denial of service.

← Browse all CVEs View on cve.org ↗