{"data":{"id":"063ca5d4-7df7-4e32-8648-8ac723aecdac","title":"CVE-2024-8966: A vulnerability in the file upload process of gradio-app/gradio version @gradio/video@0.10.2 allows for a Denial of Serv","summary":"CVE-2024-8966 is a vulnerability in Gradio version @gradio/video@0.10.2 that allows attackers to cause a Denial of Service (DoS, when a system becomes unavailable to users) by uploading files with extremely long multipart boundaries (the separators in file upload data). The attack forces the system to continuously process characters and issue warnings, making Gradio inaccessible for extended periods.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-8966","publishedAt":"2025-03-20T14:15:45.340Z","cveId":"CVE-2024-8966","cweIds":["CWE-770"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["Gradio","gradio-app/gradio"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00221,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-130"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}