CVE-2024-10569 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2024-10569

CVE-2024-10569

March 20, 2025

A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server crash and causing a denial of service.

Related Resources (4)

https://huntr.com/bounties/7192bcbb-08a3-4d22-a321-9c6d19dbfc74

https://github.com/gradio-app/gradio

https://nvd.nist.gov/vuln/detail/CVE-2024-10569

https://github.com/gradio-app/gradio/blob/98cbcaef827de7267462ccba180c7b2ffb1e825d/gradio/components/dataframe.py#L263

Do you need more information?

CVSS v4

Base Score:

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Weakness Type (CWE)

Undefined Behavior for Input to API

CWE-475

EPSS

Base Score:

0.16

Products

Solutions

Resources

Company

Compare

Developer Tools