Home > Vulnerability Database > CVE-2024-10648

Mend.io Vulnerability Database

CVE-2024-10648

Good to know:

Date: March 20, 2025

A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerability allows an attacker to control the format of the audio file, leading to arbitrary file content deletion. By manipulating the output format, an attacker can reset any file to an empty file, causing a denial of service (DOS) on the server.

Severity Score

8.2

Related Resources (5)

Url: https://huntr.com/bounties/667d664d-8189-458c-8ed7-483fe8f33c76

Url: https://github.com/gradio-app/gradio/blame/98cbcaef827de7267462ccba180c7b2ffb1e825d/gradio/processing_utils.py#L234

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-10648

Url: https://github.com/gradio-app/gradio

Url: https://www.mend.io/vulnerability-database/CVE-2024-10648

Severity Score

8.2

Weakness Type (CWE)

Path Traversal: '..filename'

CWE-29

CVSS v3.1

Base Score:	8.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-10648

Good to know:

Date: March 20, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?