CVE-2024-10648 gradio

Package

Manager: pip
Name: gradio
Vulnerable Version: >=4.0.0 <=5.0.0b2

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00199 (percentile: 0.42141)

Details

Gradio Vulnerable to Arbitrary File Deletion

A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. An attacker can control the format of the audio file, which leads to arbitrary file content deletion: by manipulating the output format, the attacker can reset any file to an empty file, causing a denial of service (DoS) on the server.

Metadata

Created: 2025-03-20T12:32:39Z
Modified: 2025-03-20T20:35:17Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-pgfv-gvc5-prfg/GHSA-pgfv-gvc5-prfg.json
CWE IDs: ["CWE-29"]
Alternative ID: GHSA-pgfv-gvc5-prfg
Finding: F184
Auto approve: 1