Home > Vulnerability Database > CVE-2024-8966

Mend.io Vulnerability Database

CVE-2024-8966

Date: March 20, 2025

A vulnerability in the file upload process of gradio-app/gradio version @gradio/video@0.10.2 allows for a Denial of Service (DoS) attack. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each character and issue warnings. This can render Gradio inaccessible for extended periods, disrupting services and causing significant downtime.

Severity Score

7.5

Related Resources (5)

Url: https://github.com/gradio-app/gradio/commit/f1718c47137f9c60240da7afe5e3290aa0f1cb47

Url: https://github.com/gradio-app/gradio

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-8966

Url: https://huntr.com/bounties/7b5932bb-58d1-4e71-b85c-43dc40522ff2

Url: https://www.mend.io/vulnerability-database/CVE-2024-8966

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Allocation of Resources Without Limits or Throttling

CWE-770

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-8966

Date: March 20, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?