PT-2024-31195 · Zenml Io · Zenml

Name of the Vulnerable Software and Affected Versions: zenml-io/zenml version 0.56.3 Description: A denial of service issue exists due to improper handling of line feed characters in component names. When a low-privileged user adds a component through the API endpoint...

CVE-2024-2383

A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious...