All intelligence
// vulnerability record
live · NVDCVE-2024-10648
HIGHpublished 2025-03-20 10:15 UTC · 1 year ago · modified 2026-06-17 06:56 UTC
8.2
CVSS / 10
// description
A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerability allows an attacker to control the format of the audio file, leading to arbitrary file content deletion. By manipulating the output format, an attacker can reset any file to an empty file, causing a denial of service (DOS) on the server.
// cvss 3.0 vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
// weaknesses (CWE)
- CWE-29