CVE-2024-10648
published 2025-03-20
Priority P345, high, 8.2 CVSS 3.0
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
EPSS: 0.67% (47.3th percentile)
A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerability allows an attacker to control the format of the audio file, leading to arbitrary file content deletion. By manipulating the output format, an attacker can reset any file to an empty file, causing a denial of service (DoS) on the server.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gradio-app | gradio-app_gradio | unspecified – latest | — |
| gradio_project | gradio | — | — |
| gradio_project | gradio | 4.0.0 – 5.0.0b2 | — |
GHSA
Gradio Vulnerable to Arbitrary File Deletion
ghsa·2025-03-20
CVE-2024-10648 [HIGH] CWE-29 Gradio Vulnerable to Arbitrary File Deletion
OSV
Gradio Vulnerable to Arbitrary File Deletion
osv·2025-03-20
CVE-2024-10648 [HIGH] Gradio Vulnerable to Arbitrary File Deletion
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.