CVE-2024-10648

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-10648

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10648.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-10648

Aliases

GHSA-pgfv-gvc5-prfg

Published

2025-03-20T10:15:18.010Z

Modified

2026-03-12T00:14:51.962179Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVSS Calculator

Summary

[none]

Details

A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerability allows an attacker to control the format of the audio file, leading to arbitrary file content deletion. By manipulating the output format, an attacker can reset any file to an empty file, causing a denial of service (DOS) on the server.

References

https://huntr.com/bounties/667d664d-8189-458c-8ed7-483fe8f33c76

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2024-09-18"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10648.json"