Safety vulnerability ID: 76295
The information on this page was manually curated by our Cybersecurity Intelligence Team.
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the gradio-app/gradio repository, affecting the gr.Datetime component. The affected version is git commit 98cbcae. The vulnerability arises from the use of a regular expression ^(?:\s*now\s*(?:-\s*(\d+)\s*([dmhs]))?)?\s*$ to process user input. In Python's default regex engine, this regular expression can take polynomial time to match certain crafted inputs. An attacker can exploit this by sending a crafted HTTP request, causing the gradio process to consume 100% CPU and potentially leading to a Denial of Service (DoS) condition on the server.
Latest version: 5.23.3
Python library for easily interacting with trained machine learning models
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application