CVE-2024-8966

Published: Mar 20, 2025

Modified: Oct 15, 2025

PUBLISHED

CVSS v3.0

7.5

HIGH

Description

A vulnerability in the file upload process of gradio-app/gradio version @gradio/[email protected] allows for a Denial of Service (DoS) attack. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each character and issue warnings. This can render Gradio inaccessible for extended periods, disrupting services and causing significant downtime.

Vendor	Product	Versions
gradio-app	gradio-app/gradio	affected `unspecified - < 5.9`

Weaknesses (CWE)

CWE-770

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://huntr.com/bounties/7b5932bb-58d1-4e71-b85c-43dc40522ff2

https://github.com/gradio-app/gradio/commit/f1718c47137f9c60240da7afe5e3290aa0f1cb47

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-8966

Description

Affected Products

Weaknesses (CWE)

CVSS v3.0 Details

References