Vulnerability Database

309,364

Total vulnerabilities in the database

CVE-2024-1727

A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious HTML page that triggers an unauthorized file upload to the victim's server, an attacker can deplete the system's disk space, potentially leading to a denial of service. This issue affects the file upload functionality as implemented in gradio/routes.py.

Published: Mar 21, 2024
Updated: Nov 16, 2025
CVE: CVE-2024-1727
GHSA: GHSA-3x9g-xfj5-fq84
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
gradio	-	4.19.2
gradio_project / gradio	4.16.0	4.19.2

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo