{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T02:54:29.021","vulnerabilities":[{"cve":{"id":"CVE-2024-10624","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:17.880","lastModified":"2025-10-15T13:15:36.173","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Regular Expression Denial of Service (ReDoS) vulnerability exists in the gradio-app/gradio repository, affecting the gr.Datetime component. The affected version is git commit 98cbcae. The vulnerability arises from the use of a regular expression `^(?:\\s*now\\s*(?:-\\s*(\\d+)\\s*([dmhs]))?)?\\s*$` to process user input. In Python's default regex engine, this regular expression can take polynomial time to match certain crafted inputs. An attacker can exploit this by sending a crafted HTTP request, causing the gradio process to consume 100% CPU and potentially leading to a Denial of Service (DoS) condition on the server."},{"lang":"es","value":"Existe una vulnerabilidad de denegación de servicio de expresiones regulares (ReDoS) en el repositorio gradio-app/gradio, que afecta al componente gr.Datetime. La versión afectada es el commit git 98cbcae. La vulnerabilidad surge del uso de la expresión regular `^(?:\\s*now\\s*(?:-\\s*(\\d+)\\s*([dmhs]))?)?\\s*$` para procesar la entrada del usuario. En el motor de expresiones regulares predeterminado de Python, esta expresión regular puede tardar un tiempo polinomial en coincidir con ciertas entradas manipuladas. Un atacante puede explotar esto enviando una solicitud HTTP manipulada, lo que provoca que el proceso gradio consuma el 100 % de la CPU y potencialmente genere una denegación de servicio (DoS) en el servidor."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-1333"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gradio_project:gradio:2024-09-18:*:*:*:*:python:*:*","matchCriteriaId":"8926A90F-6CE8-4BEB-A0E5-34CFE8F1DD55"}]}]}],"references":[{"url":"https://huntr.com/bounties/e8d0b248-8feb-4c23-9ef9-be4d1e868374","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]}]}}]}