CVE-2024-10648

CVSS v3 Score: 8.2 (High)

Vulnerability Description

A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerability allows an attacker to control the format of the audio file, leading to arbitrary file content deletion. By manipulating the output format, an attacker can reset any file to an empty file, causing a denial of service (DoS) on the server.

CVSS: 8.1 (High)

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.

CWE-29, 2023

CVSS: 8.4 (High)

A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to ...

CWE-29, 2024

CVSS: 7.8 (High)

The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or ...

CWE-29, 2023

CVSS: 7.8 (High)

A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to o...

CWE-29, 2024

CVSS: 8.6 (High)

An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter.

CWE-29, 2023

CVSS: 8.6 (High)

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive fu...

CWE-29, 2024