CVE-2024-8966

{"id": "CVE-2024-8966", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-20T10:15:45.340", "references": [{"url": "https://github.com/gradio-app/gradio/commit/f1718c47137f9c60240da7afe5e3290aa0f1cb47", "source": "[email protected]"}, {"url": "https://huntr.com/bounties/7b5932bb-58d1-4e71-b85c-43dc40522ff2", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "https://huntr.com/bounties/7b5932bb-58d1-4e71-b85c-43dc40522ff2", "tags": ["Exploit"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-770"}]}, {"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the file upload process of gradio-app/gradio version @gradio/[email protected] allows for a Denial of Service (DoS) attack. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each character and issue warnings. This can render Gradio inaccessible for extended periods, disrupting services and causing significant downtime."}, {"lang": "es", "value": "Una vulnerabilidad en el proceso de carga de archivos de gradio-app/gradio versi\u00f3n @gradio/[email protected] permite un ataque de denegaci\u00f3n de servicio (DoS). Un atacante puede a\u00f1adir una gran cantidad de caracteres al final de un l\u00edmite multiparte, lo que provoca que el sistema procese continuamente cada car\u00e1cter y emita advertencias. Esto puede dejar a Gradio inaccesible durante periodos prolongados, interrumpiendo los servicios y provocando un tiempo de inactividad significativo."}], "lastModified": "2025-10-15T13:15:56.390", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gradio:video:0.10.2:*:*:*:*:gradio:*:*", "vulnerable": true, "matchCriteriaId": "A1A0C389-21D5-42BC-9E24-9B1BD2614543"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}