CVE-2024-10648

Exploit

EPSS 0.25%
Veröffentlicht 20.03.2025 10:11:11
Zuletzt bearbeitet 14.10.2025 18:52:29
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerability allows an attacker to control the format of the audio file, leading to arbitrary file content deletion. By manipulating the output format, an attacker can reset any file to an empty file, causing a denial of service (DOS) on the server.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gradio Project ≫ Gradio Version2024-09-18 SwPlatformpython

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.475

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@huntr.dev	8.2	3.9	4.2	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE-29 Path Traversal: '\..\filename'

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.

https://huntr.com/bounties/667d664d-8189-458c-8ed7-483fe8f33c76

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-10648

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-10648

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-10648

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-10648