5 matches found

Snyk
added 2025/03/20 12:32 p.m. | 1 views

Undefined Behavior for Input to API

Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Undefined Behavior for Input to API via the dataframe component. An attacker can cause a server crash and denial of service by uploading a maliciousl...

8.7 CVSS | 6.8 AI score | 0.00475 EPSS
Exploits 1 | References 2

Github Security Blog
added 2025/03/20 12:32 p.m. | 8 views

Gradio Vulnerable to Denial of Service (DoS) via Crafted Zip Bomb

A vulnerability in the dataframe component of gradio-app/gradio version git 98cbcae allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server...

7.5 CVSS | 6.7 AI score | 0.00475 EPSS
Exploits 1 | References 4 | Affected Software 1

OSV
added 2025/03/20 10:15 a.m. | 1 views

CVE-2024-10569

A vulnerability in the dataframe component of gradio-app/gradio version git 98cbcae allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server...

7.5 CVSS | 5.8 AI score
Exploits 0 | References 1

Vulnrichment
added 2025/03/20 10:10 a.m. | 4 views

CVE-2024-10569 Zip Bomb Vulnerability in gradio-app/gradio

A vulnerability in the dataframe component of gradio-app/gradio version git 98cbcae allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server...

7.5 CVSS | 6.8 AI score | 0.00475 EPSS
Exploits 1 | References 1

CNNVD
added 2025/03/20 12:0 a.m. | 2 views

Gradio Security Vulnerability

Gradio, an open source Python library from Gradio Open Source, is a method for demonstrating machine learning models through a friendly web interface. A security vulnerability exists in version 98cbcae of Gradio, which stems from the improper handling of compressed files by the dataframe componen...

7.5 CVSS | 7.4 AI score | 0.00475 EPSS
Exploits 1 | References 1