CVE-2024-10569

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-475
View all →

Vulnerability Description

A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server crash and causing a denial of service.

Related Vulnerabilities

CVE-2020-7925

HIGH
CVSS:7.5(High)

Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service....

CWE-4752020

CVE-2024-20380

HIGH
CVSS:7.5(High)

A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in...

CWE-4752024

CVE-2023-2253

MEDIUM
CVSS:6.5(Medium)

A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows...

CWE-4752023

CVE-2023-4874

MEDIUM
CVSS:6.5(Medium)

Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12

CWE-4752023

CVE-2024-12390

HIGH
CVSS:8.8(High)

A vulnerability in binary-husky/gpt_academic version git 310122f allows for remote code execution. The application supports the extraction of user-provided RAR files without proper validation. The Pyt...

CWE-4752024

CVE-2023-4875

MEDIUM
CVSS:5.7(Medium)

Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12

CWE-4752023