VYPR
High severityNVD Advisory· Published Mar 20, 2025· Updated Oct 15, 2025

Regular Expression Denial of Service (ReDoS) in gradio-app/gradio

CVE-2024-10624

Description

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the gradio-app/gradio repository, affecting the gr.Datetime component. The affected version is git commit 98cbcae. The vulnerability arises from the use of a regular expression ^(?:\s*now\s*(?:-\s*(\d+)\s*([dmhs]))?)?\s*$ to process user input. In Python's default regex engine, this regular expression can take polynomial time to match certain crafted inputs. An attacker can exploit this by sending a crafted HTTP request, causing the gradio process to consume 100% CPU and potentially leading to a Denial of Service (DoS) condition on the server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
gradioPyPI
>= 4.38.0, <= 5.0.0-beta.2

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.