CVE-2024-10648 Information

Description

A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio as of version git 98cbcae. This vulnerability allows an attacker to control the format of the audio file leading to arbitrary file content deletion. By manipulating the output format an attacker can reset any file to an empty file causing a denial of service (DOS) on the server.

Reference

https://huntr.com/bounties/667d664d-8189-458c-8ed7-483fe8f33c76