A Regular Expression Denial of Service (ReDoS) vulnerability exists in the gradio-app/gradio repository, affecting the gr.Datetime component. The affected version is git commit 98cbcae. The vulnerability arises from the use of a regular expression ^(?:\s*now\s*(?:-\s*(\d+)\s*([dmhs]))?)?\s*$ to process user input. In Python's default regex engine, this regular expression can take polynomial time to match certain crafted inputs. An attacker can exploit this by sending a crafted HTTP request, causing the gradio process to consume 100% CPU and potentially leading to a Denial of Service (DoS) condition on the server.
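
A mitigation sketch for the parsing step described above, added here as an example and not taken from the gradio code base: a length-capped, single-pass scanner that accepts the same "now - N unit" grammar as the quoted pattern without any backtracking. The names parse_relative and agrees_with_pattern and the 64-character MAX_LEN cap are assumptions made for illustration.

```python
import re

# Pattern quoted in the advisory, kept only to cross-check short benign inputs.
ADVISORY_PATTERN = re.compile(r"^(?:\s*now\s*(?:-\s*(\d+)\s*([dmhs]))?)?\s*$")
MAX_LEN = 64  # assumed cap; legitimate values such as "now - 5d" are tiny


def parse_relative(value):
    """Return (amount, unit), (None, None) for "now"/blank, or None if invalid.

    One left-to-right pass with no backtracking: cost is O(len(value)), and
    the length cap bounds that before any scanning starts.
    """
    n = len(value)
    if n > MAX_LEN:
        return None

    def skip_ws(i):
        while i < n and value[i].isspace():
            i += 1
        return i

    i = skip_ws(0)
    if i == n:
        return (None, None)  # blank input, which the pattern also accepts
    if not value.startswith("now", i):
        return None
    i = skip_ws(i + 3)
    if i == n:
        return (None, None)  # plain "now"
    if value[i] != "-":
        return None
    start = i = skip_ws(i + 1)
    while i < n and value[i] in "0123456789":  # ASCII digits only, stricter than \d
        i += 1
    if i == start:
        return None  # "-" with no amount after it
    j = skip_ws(i)
    if j == n or value[j] not in "dmhs":
        return None
    return (value[start:i], value[j]) if skip_ws(j + 1) == n else None


def agrees_with_pattern(value):
    """True when the scanner and the advisory's pattern give the same result."""
    m = ADVISORY_PATTERN.match(value)
    return parse_relative(value) == (m.groups() if m else None)
```

Rejecting over-long values before any parsing is the part that bounds CPU cost per request; the scanner additionally removes the dependence on regex engine behaviour.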
{
"github_reviewed_at": "2025-03-20T20:39:00Z",
"nvd_published_at": "2025-03-20T10:15:17Z",
"github_reviewed": true,
"cwe_ids": [
"CWE-1333",
"CWE-400"
],
"severity": "HIGH"
}