PT-2025-12254 · Unknown+1 · @Gradio/Video+1
Published: 2025-03-20 · Updated: 2025-03-20
CVE-2024-8966
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
gradio-app/gradio version @gradio/video@0.10.2
Description
A Denial of Service (DoS) attack is possible due to a vulnerability in the file upload process. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each character and issue warnings. This can render Gradio inaccessible for extended periods, disrupting services and causing significant downtime.
Recommendations
For version @gradio/video@0.10.2, consider restricting the size of file uploads or the number of characters allowed in multipart boundaries to prevent excessive processing and warnings. As a temporary workaround, consider implementing rate limiting or input validation to minimize the risk of exploitation.
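One way to apply the input validation recommended above, as an added example that is not Gradio's code or its fix: reject an upload before multipart parsing starts if the boundary is not RFC 2046 compliant (1 to 70 characters) or the body is too large, and refuse delimiter lines that carry trailing characters. The function names and the two limits are assumptions chosen for illustration.

```python
import re
from email.message import Message

# RFC 2046 section 5.1.1: 1 to 70 characters from "bchars", not ending in a space.
BOUNDARY_RE = re.compile(r"[0-9A-Za-z'()+_,\-./:=? ]{0,69}[0-9A-Za-z'()+_,\-./:=?]")
MAX_UPLOAD_BYTES = 50 * 1024 * 1024  # assumed limit, tune per deployment
MAX_PADDING = 16                     # assumed cap on whitespace after a delimiter

def boundary_from_header(content_type):
    """Return the boundary parameter if it is RFC 2046 compliant, else None."""
    msg = Message()
    msg["Content-Type"] = content_type
    if msg.get_content_type() != "multipart/form-data":
        return None
    boundary = msg.get_param("boundary")
    if not isinstance(boundary, str) or not BOUNDARY_RE.fullmatch(boundary):
        return None
    return boundary

def precheck_upload(content_type, content_length):
    """Return (allowed, reason) before any multipart parsing starts."""
    if content_length is None or not 0 <= content_length <= MAX_UPLOAD_BYTES:
        return False, "missing or oversized Content-Length"
    if boundary_from_header(content_type) is None:
        return False, "missing or malformed multipart boundary"
    return True, "ok"

def delimiter_line_ok(line, boundary):
    """Accept '--boundary' or '--boundary--' followed only by bounded whitespace."""
    delim = b"--" + boundary.encode("ascii")
    if not line.startswith(delim):
        return True  # ordinary part data, not a delimiter line
    rest = line[len(delim):]
    if rest.startswith(b"--"):
        rest = rest[2:]
    rest = rest.rstrip(b"\r\n")
    return len(rest) <= MAX_PADDING and rest.strip(b" \t") == b""

if __name__ == "__main__":
    # Constructed sample request values, not taken from a real capture.
    ct = "multipart/form-data; boundary=----SampleBoundary42"
    print(precheck_upload(ct, 2048))
    print(delimiter_line_ok(b"------SampleBoundary42--\r\n", "----SampleBoundary42"))
```

Run the header check in middleware or at the reverse proxy so that a rejected request never reaches the multipart parser.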
Exploit
Fix
DoS
Allocation of Resources Without Limits
Resource Exhaustion
Related Identifiers
Affected Products
Gradio
@Gradio/Video