CVE-2024-10624

Name of the Vulnerable Software and Affected Versions gradio versions prior to the version that fixes the issue in git commit 98cbcae

Description A Regular Expression Denial of Service (ReDoS) issue exists in the gr.Datetime component, arising from the use of a regular expression ^(?:s*nows*(?:-s*(d+)s*([dmhs]))?)?s*$ to process user input. This can cause the gradio process to consume 100% CPU and potentially lead to a Denial of Service (DoS) condition on the server when an attacker sends a crafted HTTP request.

Recommendations For versions prior to the fix, consider disabling the gr.Datetime component until a patch is available to prevent potential exploitation. Restrict access to the vulnerable gr.Datetime component to minimize the risk of exploitation. Avoid using the regular expression ^(?:s*nows*(?:-s*(d+)s*([dmhs]))?)?s*$ in the gr.Datetime component until the issue is resolved.