// vulnerability record
live · NVD · CVE-2024-10569
HIGH · published 2025-03-20 10:15 UTC · 1 year ago · modified 2026-06-17 06:55 UTC
CVSS 7.5 / 10
// description
A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server crash and causing a denial of service.
// cvss 3.0 vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
// weaknesses (CWE)
- CWE-475