VYPR
High severity · NVD Advisory · Published Mar 20, 2025 · Updated Mar 20, 2025

Zip Bomb Vulnerability in gradio-app/gradio

CVE-2024-10569

Description

A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server crash and causing a denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Gradio's dataframe component accepts compressed files without size validation, enabling a denial-of-service zip bomb attack via malicious uploads.

Vulnerability Summary

The dataframe component in gradio-app/gradio (commit 98cbcae) contains a denial-of-service vulnerability stemming from how it processes user-supplied input data. The component hands the input to pd.read_csv, whose default compression="infer" selects a decompressor from the file extension (.zip, .gz, .bz2, .xz and others) and inflates the whole stream into memory before any parsing starts [1][2]. Because the component applies no limit on input size or on decompressed size, an attacker can supply a maliciously crafted compressed file, commonly known as a zip bomb, that is tiny on the wire but expands by orders of magnitude during decompression, consuming server memory and CPU until the process crashes [2].

Attack Surface and Exploitation

The vulnerability is exploitable over the network without authentication; any user who can submit a file to a Gradio application that exposes the component can trigger the attack. The affected code is located in gradio/components/dataframe.py at the point where pd.read_csv is called on a user-supplied file [3]. By submitting a file that is small when compressed but inflates to an enormous size (e.g., gigabytes or more of repeated data; a single DEFLATE stream can reach roughly 1032:1, and bz2 or xz inputs, which pandas inflates just as transparently, compress repetitive data far more aggressively), an adversary can exhaust the server's memory and CPU, leading to a denial of service. No special privileges or prior access are required beyond the ability to interact with the Gradio interface's file upload component [2].

Impact and Mitigation

Successful exploitation crashes the server process, making the Gradio application unavailable to legitimate users, a classic denial-of-service outcome [2]. The vulnerability was disclosed through the Huntr bug bounty platform [4]. As of this CVE's publication date the references do not state a fix status, so operators should update to the latest Gradio release and, independently of that, harden the input path: cap the size of uploaded files, check magic bytes and reject compressed containers (zip, gzip, bz2, xz, zstd) before the data reaches pandas, and call pd.read_csv with compression=None so that extension-based inference cannot reintroduce decompression. Until a patch is applied, operators should consider restricting file uploads or disabling the dataframe component in untrusted deployments [2][4].
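The mechanism described in the Vulnerability Summary and the mitigations listed here, as an added stand-alone Python example (not Gradio's code, and not the fix the project shipped). It mirrors what pd.read_csv's compression="infer" does with a constructed, deliberately small zip bomb, then shows a guarded loader that refuses compressed containers by magic bytes, inflates a zip only under a hard byte ceiling when explicitly allowed, and parses with the stdlib csv module in place of pandas. The function names, the ceiling values and the sample CSV are assumptions of this example.

```python
"""Constructed demonstration of the zip-bomb risk behind a read_csv-style
loader, next to a guarded loader. Illustrative code, not Gradio's.

pd.read_csv defaults to compression="infer": the codec is chosen from the
file extension (.zip, .gz, .bz2, .xz, .zst) and the whole stream is inflated
into memory before parsing starts. Nothing bounds that expansion."""
import csv
import io
import zipfile

# Leading bytes of the container formats read_csv would inflate transparently.
CONTAINER_MAGIC = {
    b"PK\x03\x04": "zip",
    b"\x1f\x8b": "gzip",
    b"BZh": "bz2",
    b"\xfd7zXZ\x00": "xz",
    b"\x28\xb5\x2f\xfd": "zstd",
}


class DecompressionLimitExceeded(Exception):
    """Raised when an archive inflates past the configured ceiling."""


def sniff_container(data: bytes):
    """Name the container format by magic bytes, or None for plain data."""
    for magic, name in CONTAINER_MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def make_csv_bomb(rows: int) -> bytes:
    """CONSTRUCTED sample: a highly repetitive CSV stored as one DEFLATE zip
    entry. Real bombs apply the same idea at scale; DEFLATE tops out near
    1032:1 per stream, bz2 and xz go much further on repetitive data."""
    plain = b"a,b,c\n" + b"0,0,0\n" * rows
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED,
                         compresslevel=9) as zf:
        zf.writestr("data.csv", plain)
    return buf.getvalue()


def inflate_naive(archive: bytes) -> bytes:
    """What compression="infer" amounts to: inflate the entry in full with
    no ceiling. This is the vulnerable behaviour."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return zf.read(zf.namelist()[0])


def inflate_zip_bounded(archive: bytes, max_bytes: int) -> bytes:
    """Inflate the single entry chunk by chunk, counting bytes as they are
    produced and aborting once max_bytes is passed. The file_size declared
    in the zip header is not trusted; only produced bytes are counted."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        names = zf.namelist()
        if len(names) != 1:
            raise ValueError("expected exactly one entry in the archive")
        out = bytearray()
        with zf.open(names[0]) as entry:
            while True:
                chunk = entry.read(64 * 1024)
                if not chunk:
                    break
                out.extend(chunk)
                if len(out) > max_bytes:
                    raise DecompressionLimitExceeded(
                        f"entry exceeded {max_bytes} bytes while inflating")
    return bytes(out)


def load_csv_guarded(data: bytes, max_bytes: int, allow_zip: bool = False):
    """Guarded stand-in for the vulnerable read_csv call. Policy: cap the raw
    upload; refuse every compressed container by magic bytes unless zip is
    explicitly allowed, in which case inflate it under the same ceiling; only
    then parse. With pandas the final step would be
    pd.read_csv(io.BytesIO(data), compression=None)."""
    if len(data) > max_bytes:
        raise ValueError(f"upload of {len(data)} bytes exceeds cap {max_bytes}")
    kind = sniff_container(data)
    if kind == "zip" and allow_zip:
        data = inflate_zip_bounded(data, max_bytes)
    elif kind is not None:
        raise ValueError(f"compressed input ({kind}) is not accepted")
    return list(csv.reader(io.StringIO(data.decode("utf-8"))))


if __name__ == "__main__":
    bomb = make_csv_bomb(1_000_000)
    inflated = inflate_naive(bomb)
    print(f"{len(bomb)} bytes on the wire -> {len(inflated)} bytes inflated "
          f"({len(inflated) // len(bomb)}:1), container={sniff_container(bomb)}")
    for allow in (False, True):
        try:
            load_csv_guarded(bomb, max_bytes=1_000_000, allow_zip=allow)
        except (ValueError, DecompressionLimitExceeded) as exc:
            print(f"allow_zip={allow}: rejected: {exc}")
    print(load_csv_guarded(b"a,b\n1,2\n", max_bytes=1_000_000))
```

The ceiling is enforced on bytes actually produced by the decompressor, not on the size the archive claims, and the raw-size check runs before anything is opened. With pandas in the loop the parse step becomes pd.read_csv(io.BytesIO(data), compression=None), which also neutralises a misleading file extension; the size and magic-byte checks must run before that call, not after it.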

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package         Affected versions       Patched versions
gradio (PyPI)   >= 4.0.0, <= 5.0.0b2    (none listed)

Affected products: 3

Patches: 0 (no patches discovered yet)

References: 4
