Lucene search

Veracode Vulnerability DatabaseVERACODE:47723

HistoryJun 25, 2024 - 5:01 a.m.

Denial Of Service (DoS)

2024-06-2505:01:16

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

zenml

vulnerability

resource consumption

line feed characters

api endpoint

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

ZenML is vulnerable to a Denial Of Service (DoS). The vulnerability is due to improper handling of line feed (\n) characters in component names, allowing an attacker to cause uncontrolled resource consumption by adding a component through an API endpoint api/v1/workspaces/default/components.

CPENameOperatorVersion
zenmlle0.57.0
zenmlle0.57.0

CPE	Name	Operator	Version
	zenml	le	0.57.0
	zenml	le	0.57.0

References

github.com/advisories/GHSA-7gjr-hcc3-xfr4

github.com/zenml-io/zenml/commit/164cc09032060bbfc17e9dbd62c13efd5ff5771b

huntr.com/bounties/a387c935-b970-44d7-bddc-71c1c90aa2de

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VERACODE:47723