21 matches found
EUVD-2024-1199
Malicious code in bioql PyPI...
EUVD-2024-0197
Malicious code in bioql PyPI...
EUVD-2024-0193
Malicious code in bioql PyPI...
ZenML < 0.57.0 Account Takeover
According to its banner, the version of ZenML running on the remote host is 0.57.0. It is, therefore, affected by an Account Takeover due to the lack of rate-limiting in the password change function. Note that the scanner has not tested for these issues but has instead relied only on the...
ZenML Insufficient Session Expiration
According to its banner, the version of BentoML running on the remote host is 1.4.x 1.4.8. It is, therefore, affected by a Server-Side Request Forgery (SSRF) vulnerability in File Upload Processing. According to its banner, the version of ZenML hosted on the remote host is affected by an Insufficient...
CVE-2024-2032
A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of...
Infinite loop
Overview: zenml (ZenML: Write production-ready ML code). Affected versions of this package are vulnerable to Infinite loop through the multipart request boundary processing mechanism. An attacker can cause excessive resource consumption by sending malformed multipart requests with arbitrary...
GHSA-6GMF-2369-C76C ZenML unauthenticated DoS via Multipart Boundary
A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipart boundaries. This flaw in the multipart request boundar...
ZenML unauthenticated DoS via Multipart Boundary
A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipart boundaries. This flaw in the multipart request boundar...
CVE-2024-9340
A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipart boundaries. This flaw in the multipart request boundar...
ZenML < 0.58.0 XSS
The version of ZenML installed on the remote host is prior to 0.57.1. It is, therefore, affected by a reflected Cross-Site Scripting (XSS) vulnerability identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation,...
ZenML < 0.56.3 Vulnerability - CVE-2024-2383
The version of ZenML installed on the remote host is prior to 0.56.3. It is, therefore, affected by a clickjacking vulnerability due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the...
ZenML < 0.56.3 Unpatched Session Expiration Exposure (CVE-2024-4680)
The version of ZenML installed on the remote host is prior to 0.56.3. It is, therefore, affected by a vulnerability which allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change,...
ZenML < 0.55.5 Vulnerability - CVE-2024-2032
The version of ZenML installed on the remote host is prior to 0.55.5. It is, therefore, affected by a race condition vulnerability which allows for the creation of multiple users with the same username when requests are sent in parallel. The vulnerability arises due to insufficient handling of...
ZenML < 0.56.2 Vulnerability - CVE-2024-2171
The version of ZenML installed on the remote host is prior to 0.56.2. It is, therefore, affected by a stored Cross-Site Scripting (XSS) vulnerability identified within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users,...
Account Takeover
zenml is vulnerable to Account Takeover. The vulnerability is due to a lack of rate-limiting on the '/api/v1/current-user' endpoint, which allows attackers to brute-force the current password in the 'Update Password' function...
Improper Authentication
zenml is vulnerable to Improper Authentication. The vulnerability is due to improper authentication mechanisms, allowing an attacker with access to an active user session to change the account password without knowing the current password, bypassing the standard password change verification proce...
ZenML Security Vulnerability
ZenML is an extensible open source MLOps framework for creating portable, production-ready machine learning pipelines. A security vulnerability exists in ZenML versions 0.55.3 and below, which stems from a race condition that leads to data inconsistency and...
ZenML Authorization Issue Vulnerability
ZenML is an extensible open source MLOps framework for creating portable, production-ready machine learning pipelines. An authorization issue vulnerability exists in ZenML 0.55.4 and prior versions of the application, which stems from session fixation and can be exploited by an...
PT-2024-18737 · Zenml · Zenml
Name of the Vulnerable Software and Affected Versions: zenml-io/zenml, affected versions not specified
Description: A directory traversal issue exists, specifically within the "/api/v1/steps" endpoint. Attackers can exploit this by manipulating the logs URI path to fetch arbitrary file content,...