{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "4.16.0"
              },
              {
                "fixed": "4.19.2"
              }
            ]
          },
          "events": [
            {
              "introduced": "138761226a8070fb18d4f34c757b78d51e1c6101"
            },
            {
              "fixed": "bacbc70fa1936a5ca2bfd85ab493a4912004b10e"
            },
            {
              "fixed": "84802ee6a4806c25287344dce581f9548a99834a"
            }
          ],
          "repo": "https://github.com/gradio-app/gradio",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows an attacker to upload multiple large files to a victim's system when the victim is running Gradio locally. By crafting a malicious HTML page that triggers an unauthorized file upload to the victim's local Gradio server, the attacker can deplete the victim's disk space, potentially leading to a denial of service. This issue affects the file upload functionality as implemented in gradio/routes.py.",
  "id": "CVE-2024-1727",
  "modified": "2026-03-13T21:52:08.515349373Z",
  "published": "2024-03-21T20:15:07.620Z",
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/gradio-app/gradio/commit/84802ee6a4806c25287344dce581f9548a99834a"
    },
    {
      "type": "EVIDENCE",
      "url": "https://huntr.com/bounties/a94d55fb-0770-4cbe-9b20-97a978a2ffff"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}