Lucene search
K

206 matches found

OSV
OSV
added 2024/06/30 4:15 p.m.20 views

CVE-2024-5062

A reflected Cross-Site Scripting XSS vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a...

6.1CVSS5.7AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/06/30 3:14 p.m.21 views

CVE-2024-5062 Reflected XSS through survey redirect parameter in zenml-io/zenml

A reflected Cross-Site Scripting XSS vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a...

5.3CVSS5.7AI score0.00388EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/06/30 3:14 p.m.42 views

CVE-2024-5062 Reflected XSS through survey redirect parameter in zenml-io/zenml

A reflected Cross-Site Scripting XSS vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a...

5.3CVSS0.00388EPSS
Exploits1References2
CVE
CVE
added 2024/06/30 3:14 p.m.65 views

CVE-2024-5062

CVE-2024-5062 : A reflected XSS in zenml-io/zenml

6.1CVSS5.4AI score0.00388EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/06/30 12:0 a.m.10 views

PT-2024-34363 · Zenml Io · Zenml

Name of the Vulnerable Software and Affected Versions: zenml-io/zenml version 0.57.1 Description: A reflected Cross-Site Scripting XSS issue exists due to improper neutralization of input during web page generation, specifically within the redirect parameter. This allows an attacker to redirect...

6.1CVSS5.6AI score0.00388EPSS
Exploits1References9
CNNVD
CNNVD
added 2024/06/30 12:0 a.m.5 views

ZenML Cross-Site Scripting Vulnerability

ZenML is an extensible open source MLOps framework for creating portable, production-ready machine learning pipelines. A cross-site scripting vulnerability exists in ZenML version 0.57.1, which stems from improper neutralization of input during web page generation, and a Reflective Cross-Site...

6.1CVSS5.4AI score0.00388EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2024/06/28 12:0 a.m.5 views

The vulnerability of the Zenml framework for creating machine learning pipelines, related to the incorrect validity period of a session, allows attackers to bypass the authentication process.

The vulnerability of the Zenml machine learning pipeline creation framework is related to an incorrect session duration. Exploiting this vulnerability can allow a malicious actor to bypass the authentication process...

4.6CVSS5.8AI score0.00405EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2024/06/25 5:1 a.m.10 views

Denial Of Service (DoS)

ZenML is vulnerable to a Denial Of Service DoS. The vulnerability is due to improper handling of line feed \n characters in component names, allowing an attacker to cause uncontrolled resource consumption by adding a component through an API endpoint api/v1/workspaces/default/components...

6.6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/24 9:30 a.m.22 views

Improper line feed handling in zenml

A denial of service DoS vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed \n characters in component names. When a low-privileged user adds a component through the API endpoint api/v1/workspaces/default/components with a name containing a \n character, it...

6.6AI score
Exploits0References4Affected Software1
OSV
OSV
added 2024/06/24 9:30 a.m.14 views

GHSA-7GJR-HCC3-XFR4 Improper line feed handling in zenml

A denial of service DoS vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed \n characters in component names. When a low-privileged user adds a component through the API endpoint api/v1/workspaces/default/components with a name containing a \n character, it...

4.3CVSS4.3AI score
Exploits0References4
OSV
OSV
added 2024/06/24 7:15 a.m.10 views

CVE-2024-4460

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

6.3AI score
Exploits0
NVD
NVD
added 2024/06/24 7:15 a.m.23 views

CVE-2024-4460

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
Vulnrichment
Vulnrichment
added 2024/06/24 6:58 a.m.13 views

CVE-2024-4460

...

4.6AI score
Exploits0
Cvelist
Cvelist
added 2024/06/24 6:58 a.m.21 views

CVE-2024-4460

...

Exploits0
CVE
CVE
added 2024/06/24 6:58 a.m.54 views

CVE-2024-4460

CVE-2024-4460: ZenML prior to v0.57.1 is affected by a DoS due to improper handling of newline characters in component names when adding components via API (api/v1/workspaces/default/components). This can cause uncontrolled resource consumption and prevent adding components or registering stacks;...

4.5AI score
Exploits0
CNNVD
CNNVD
added 2024/06/24 12:0 a.m.4 views

Number withdrawn

ZenML is an extensible open source MLOps framework for creating portable, production-ready machine learning pipelines. This CVE number has been withdrawn...

6.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/06/24 12:0 a.m.8 views

PT-2024-31195 · Zenml Io · Zenml

Name of the Vulnerable Software and Affected Versions: zenml-io/zenml version 0.56.3 Description: A denial of service issue exists due to improper handling of line feed characters in component names. When a low-privileged user adds a component through the API endpoint...

4.3CVSS7AI score
Exploits0References7
Veracode
Veracode
added 2024/06/12 6:34 a.m.12 views

Insufficient Session Expiration

zenml is vulnerable to Insufficient Session Expiration. The vulnerability is due to the application not terminating existing sessions after a user's password is updated, allowing attackers to maintain access even after security credentials have been changed...

8.8CVSS7AI score0.00405EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2024/06/11 9:31 a.m.14 views

Race Condition

zenml is vulnerable to a Race Condition vulnerability. The vulnerability is due to insufficient handling of concurrent user creation requests, which allows an attacker to create multiple users with the same username when requests are sent in parallel...

3.1CVSS6.6AI score0.00289EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2024/06/11 7:55 a.m.17 views

Improper Authorization

zenml is vulnerable to Improper Authorization. The vulnerability is due to improper authorization controls in the API PUT /api/v1/users/id endpoint, allowing any authenticated user to modify other users' information, including deactivating accounts...

6.5CVSS6.5AI score0.00623EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder