{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "0.10.2"
              }
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "41962bd57c106a32542fff69da4cebe5270615bf"
            },
            {
              "fixed": "f1718c47137f9c60240da7afe5e3290aa0f1cb47"
            }
          ],
          "repo": "https://github.com/gradio-app/gradio",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "A vulnerability in the file upload process of gradio-app/gradio version @gradio/video@0.10.2 allows for a Denial of Service (DoS) attack. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each character and issue warnings. This can render Gradio inaccessible for extended periods, disrupting services and causing significant downtime.",
  "id": "CVE-2024-8966",
  "modified": "2026-03-13T21:47:12.606001856Z",
  "published": "2025-03-20T10:15:45.340Z",
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/gradio-app/gradio/commit/f1718c47137f9c60240da7afe5e3290aa0f1cb47"
    },
    {
      "type": "EVIDENCE",
      "url": "https://huntr.com/bounties/7b5932bb-58d1-4e71-b85c-43dc40522ff2"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}