Denial of Service Vulnerability in Gradio by Gradio-App
CVE-2024-8966

7.5HIGH

Key Information:

Vendor: Gradio-app
Status: Gradio-app/gradio
Vendor: CVE Published:; 20 March 2025

What is CVE-2024-8966?

A vulnerability exists in Gradio's file upload mechanism that can be exploited to mount a Denial of Service (DoS) attack. Attackers can manipulate the multipart boundary by appending an excessive number of characters, leading to continuous processing by the system. This behavior generates persistent warnings and can lead to significant service disruption, making Gradio unavailable for users and creating extended downtime for services relying on this application.

Affected Version(s)

gradio-app/gradio <= unspecified

References

https://huntr.com/bounties/7b5932bb-58d1-4e71-b85c-43dc40...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2025
Vulnerability Reserved
Sep 17, 2024

Gradio-app

What is CVE-2024-8966?

Affected Version(s)

References

CVSS V3.1

CVSS V3.0

Timeline