Zenml vulnerabilities
15 known vulnerabilities affecting zenml/zenml.
Total CVEs
15
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH5MEDIUM7LOW2
Vulnerabilities
Page 1 of 1
CVE-2024-25723P1HIGHCVSS 8.8PoCfixed in 0.42.2≥ 0.44.0, < 0.44.4+2 more2024-02-27
CVE-2024-25723 [HIGH] CWE-284 CVE-2024-25723: ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege
ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. These are also patched versions: 0.44.4, 0.43.1, and 0.42.2.
ghsanvdosv
CVE-2024-2083P2CRITICALCVSS 9.9fixed in 0.55.52024-04-16
CVE-2024-2083 [CRITICAL] CWE-29 CVE-2024-2083: A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the
A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. The vulnerability arises due to the lack of validation for dir
ghsanvdosv
CVE-2024-4680P3HIGHCVSS 8.8v0.56.32024-06-08
CVE-2024-4680 [HIGH] CWE-613 CVE-2024-4680: A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials o
A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the victim's ability to revoke this access. This issue was ob
ghsanvdosv
CVE-2024-28424P3HIGHCVSS 8.8v0.55.42024-03-14
CVE-2024-28424 [HIGH] CWE-94 CVE-2024-28424: zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function
zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file.
nvd
CVE-2024-9340P3HIGHCVSS 7.5fixed in 0.68.02025-03-20
CVE-2024-9340 [HIGH] CWE-835 CVE-2024-9340: A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated atta
A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipart boundaries. This flaw in the multipart request boundary processing mechanism leads to an infinite loop, result
ghsanvdosv
CVE-2025-8406P3HIGHCVSS 7.8≥ 0.83.1, < 0.84.22025-10-05
CVE-2025-8406 [HIGH] CWE-22 CVE-2025-8406: ZenML version 0.83.1 is affected by a path traversal vulnerability in the `PathMaterializer` class.
ZenML version 0.83.1 is affected by a path traversal vulnerability in the `PathMaterializer` class. The `load` function uses `is_path_within_directory` to validate files during `data.tar.gz` extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file writes, potentially resulting in arbitrary comman
ghsanvdosv
CVE-2024-2035P3MEDIUMCVSS 6.5fixed in 0.56.22024-06-06
CVE-2024-2035 [MEDIUM] CWE-862 CVE-2024-2035: An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within
An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the `active` status of user accounts to false, effectively deactivating them. This issue affects versio
ghsanvdosv
CVE-2024-4311P4MEDIUMCVSS 5.4v0.56.42024-11-14
CVE-2024-4311 [MEDIUM] CWE-770 CVE-2024-4311: zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting
zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Password' function, allowing them to take over the user's account. This vulnerability is due to the absence of rate-limiting on the '/api/v1/current-user' en
ghsanvdosv
CVE-2024-2383P4MEDIUMCVSS 6.1fixed in 0.56.32024-06-06
CVE-2024-2383 [MEDIUM] CWE-1021 CVE-2024-2383: A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the
A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious page, potentially leading to unauthorized actions by tr
ghsanvdosv
CVE-2024-5062P4MEDIUMCVSS 6.1fixed in 0.58.02024-06-30
CVE-2024-5062 [MEDIUM] CWE-79 CVE-2024-5062: A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1
A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a specified URL after completing a survey, without proper
ghsanvdosv
CVE-2024-2260P4MEDIUMCVSS 4.2fixed in 0.56.22024-04-16
CVE-2024-2260 [MEDIUM] CWE-384 CVE-2024-2260: A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for
A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token.
ghsanvdosv
CVE-2024-2171P4MEDIUMCVSS 4.8fixed in 0.56.22024-06-06
CVE-2024-2171 [MEDIUM] CWE-79 CVE-2024-2171: A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, s
A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The vulnerability affects version 0.55.3 and was fixed in version 0
ghsanvdosv
CVE-2024-2213P4LOWCVSS 3.3fixed in 0.56.32024-06-06
CVE-2024-2213 [LOW] CWE-620 CVE-2024-2213: An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authe
An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for unauthorized account takeover by bypassing the standard password change veri
ghsanvdosv
CVE-2024-2032P4LOWCVSS 3.1fixed in 0.55.52024-06-06
CVE-2024-2032 [LOW] CWE-366 CVE-2024-2032: A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which a
A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of concurrent user creation requests, leading to data inconsis
ghsanvdosv
CVE-2024-4460MEDIUM≥ 0, < 0.57.12024-06-24
CVE-2024-4460 [MEDIUM] CWE-400 Improper line feed handling in zenml
Improper line feed handling in zenml
A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed (`\n`) characters in component names. When a low-privileged user adds a component through the API endpoint `api/v1/workspaces/default/components` with a name containing a `\n` character, it leads to uncontrolled resource consumption. This vulnerability results in the inabilit
ghsaosv