CVE-2024-10569

creationtimestamp| type| source ---|---|--- 2025-03-20 18:20:52+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/8254...

africanwhisper (>=0.2.1 <=0.9.0), agentx (>=0.0.6 <=0.0.27) +214 more potentially affected by CVE-2024-10569 via gradio (>=4.0.0b15 <=5.0.0b10)

gradio PYPI version =4.0.0b15, =0.2.1, =0.0.6, =0.1.0, =0.4.0, =0.0.4, =0.1.0, =25.3.1, =0.0.1, =0.1.0, =0.1.0, =0.1.1, =0.1.0a20, =0.1.0a37 and more Source cves: CVE-2024-10569 Source advisory: OSV:GHSA-7XMC-VHJP-QV5Q...

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1048 more potentially affected by CVE-2024-10569 via gradio (>=4.0.0b15 <=6.9.0)

gradio PYPI version =4.0.0b15, =0.2.2, =0.1.0, =0.2.5, =0.0.3, =0.1.5, =0.8.2.4, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =0.1.4, =0.1.11 and more Source cves: CVE-2024-10569 Source advisory: SNYK:PYTHON-GRADIO-9487019...

CVE-2024-10569

A vulnerability in the dataframe component of gradio-app/gradio version git 98cbcae allows for a zip bomb attack. The component uses pd.readcsv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server...