Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2024-8966
CVE-2024-8966:
Gradio vulnerability analysis and mitigation
Overview
A vulnerability (CVE-2024-8966) was discovered in the file upload process of gradio-app/gradio version @gradio/video@0.10.2. The vulnerability was reported and assigned a CVSS 3.0 base score of 7.5 (HIGH) (Huntr).
Technical details
The vulnerability is classified as an Uncontrolled Resource Consumption (CWE-400) issue. When processing file uploads, the system can be exploited by appending a large number of characters to the end of a multipart boundary, causing the system to continuously process each character and issue warnings (NVD). The vulnerability has been assigned a CVSS vector string of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating network accessibility with low attack complexity and no required privileges or user interaction (Huntr).
Impact
The exploitation of this vulnerability can render Gradio inaccessible for extended periods, causing significant downtime and service disruption. The primary impact is on the availability of the system, with no direct effect on confidentiality or integrity (NVD).
Additional resources
Source: This report was generated using AI
Related Gradio vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management