CVE-2024-10624
published 2025-03-20


Priority: P341
Severity: high, 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.01% (58.9th percentile)
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the gradio-app/gradio repository, affecting the gr.Datetime component. The affected version is git commit 98cbcae. The vulnerability arises from the use of a regular expression `^(?:\s*now\s*(?:-\s*(\d+)\s*([dmhs]))?)?\s*$` to process user input. In Python's default regex engine, this regular expression can take polynomial time to match certain crafted inputs. An attacker can exploit this by sending a crafted HTTP request, causing the gradio process to consume 100% CPU and potentially leading to a Denial of Service (DoS) condition on the server.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| gradio-app | gradio-app_gradio | unspecified – latest | |
| gradio_project | gradio | | |
| gradio_project | gradio | 4.38.0 – 5.0.0-beta.2 | |