CVE-2024-10624
CVSS 3.0 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-10624 is a newly discovered vulnerability affecting the gr.Datetime component in the gradio-app/gradio repository. The gr.Datetime parser uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS): `^(?:\s*now\s*(?:-*\s*(\d+))?\s*([dmhs]))?\s*$`. In Python's default regex engine, matching this expression against carefully crafted input can consume excessive processing power. An attacker can exploit this by sending a malicious HTTP request, which causes a Denial of Service (DoS) condition in the gradio process through resource-intensive regex matching. The affected version of the repository is git commit 98cbcae.
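One way to accept the same relative-time strings without backtracking is a single-pass scanner with a length limit. This is an added example, not gradio's code or its fix; the name parse_now_offset, the 64-character limit and the ASCII-only whitespace and digit handling are assumptions.

```python
import re

# Pattern quoted in the advisory; used here only on short constructed inputs
# to confirm the scanner accepts the same strings.
ADVISORY_PATTERN = re.compile(r"^(?:\s*now\s*(?:-*\s*(\d+))?\s*([dmhs]))?\s*$")

MAX_LEN = 64  # assumed bound; a relative-time string is only a few characters
_WS = " \t\n\r\f\v"


def _skip(text, i, chars):
    """Advance i past any run of characters in `chars`; single forward pass."""
    while i < len(text) and text[i] in chars:
        i += 1
    return i


def parse_now_offset(text):
    """Return None for blank input, else (amount or None, unit).

    Raises ValueError for over-long or non-matching input. The index only
    moves forward, so the cost is linear in len(text) with no backtracking.
    """
    if len(text) > MAX_LEN:
        raise ValueError("input too long")
    i = _skip(text, 0, _WS)
    if i == len(text):
        return None
    if not text.startswith("now", i):
        raise ValueError("expected 'now'")
    i = _skip(text, i + 3, _WS)
    after_dashes = _skip(text, i, "-")
    start = _skip(text, after_dashes, _WS)
    end = _skip(text, start, "0123456789")
    amount = None
    if end > start:
        amount = int(text[start:end])
        i = _skip(text, end, _WS)
    elif after_dashes > i:
        raise ValueError("'-' must be followed by a number")
    else:
        i = start
    if i >= len(text) or text[i] not in "dmhs":
        raise ValueError("expected unit d, m, h or s")
    unit = text[i]
    if _skip(text, i + 1, _WS) != len(text):
        raise ValueError("trailing characters")
    return amount, unit
```

Rejecting over-long input before parsing bounds the work per request regardless of how the string is then matched.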