206 matches found
CVE-2024-5062
A reflected Cross-Site Scripting XSS vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a...
CVE-2024-5062 Reflected XSS through survey redirect parameter in zenml-io/zenml
A reflected Cross-Site Scripting XSS vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a...
CVE-2024-5062 Reflected XSS through survey redirect parameter in zenml-io/zenml
A reflected Cross-Site Scripting XSS vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a...
CVE-2024-5062
CVE-2024-5062 : A reflected XSS in zenml-io/zenml
PT-2024-34363 · Zenml Io · Zenml
Name of the Vulnerable Software and Affected Versions: zenml-io/zenml version 0.57.1 Description: A reflected Cross-Site Scripting XSS issue exists due to improper neutralization of input during web page generation, specifically within the redirect parameter. This allows an attacker to redirect...
ZenML Cross-Site Scripting Vulnerability
ZenML is an extensible open source MLOps framework for creating portable, production-ready machine learning pipelines. A cross-site scripting vulnerability exists in ZenML version 0.57.1, which stems from improper neutralization of input during web page generation, and a Reflective Cross-Site...
The vulnerability of the Zenml framework for creating machine learning pipelines, related to the incorrect validity period of a session, allows attackers to bypass the authentication process.
The vulnerability of the Zenml machine learning pipeline creation framework is related to an incorrect session duration. Exploiting this vulnerability can allow a malicious actor to bypass the authentication process...
Denial Of Service (DoS)
ZenML is vulnerable to a Denial Of Service DoS. The vulnerability is due to improper handling of line feed \n characters in component names, allowing an attacker to cause uncontrolled resource consumption by adding a component through an API endpoint api/v1/workspaces/default/components...
Improper line feed handling in zenml
A denial of service DoS vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed \n characters in component names. When a low-privileged user adds a component through the API endpoint api/v1/workspaces/default/components with a name containing a \n character, it...
GHSA-7GJR-HCC3-XFR4 Improper line feed handling in zenml
A denial of service DoS vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed \n characters in component names. When a low-privileged user adds a component through the API endpoint api/v1/workspaces/default/components with a name containing a \n character, it...
CVE-2024-4460
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-4460
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-4460
...
CVE-2024-4460
...
CVE-2024-4460
CVE-2024-4460: ZenML prior to v0.57.1 is affected by a DoS due to improper handling of newline characters in component names when adding components via API (api/v1/workspaces/default/components). This can cause uncontrolled resource consumption and prevent adding components or registering stacks;...
Number withdrawn
ZenML is an extensible open source MLOps framework for creating portable, production-ready machine learning pipelines. This CVE number has been withdrawn...
PT-2024-31195 · Zenml Io · Zenml
Name of the Vulnerable Software and Affected Versions: zenml-io/zenml version 0.56.3 Description: A denial of service issue exists due to improper handling of line feed characters in component names. When a low-privileged user adds a component through the API endpoint...
Insufficient Session Expiration
zenml is vulnerable to Insufficient Session Expiration. The vulnerability is due to the application not terminating existing sessions after a user's password is updated, allowing attackers to maintain access even after security credentials have been changed...
Race Condition
zenml is vulnerable to a Race Condition vulnerability. The vulnerability is due to insufficient handling of concurrent user creation requests, which allows an attacker to create multiple users with the same username when requests are sent in parallel...
Improper Authorization
zenml is vulnerable to Improper Authorization. The vulnerability is due to improper authorization controls in the API PUT /api/v1/users/id endpoint, allowing any authenticated user to modify other users' information, including deactivating accounts...