Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/83309?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/83309?format=api", "purl": "pkg:pypi/zenml@0.1.1", "type": "pypi", "namespace": "", "name": "zenml", "version": "0.1.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.68.0", "latest_non_vulnerable_version": "0.84.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51275?format=api", "vulnerability_id": "VCID-42g8-w871-x3es", "summary": "A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipart boundaries. This flaw in the multipart request boundary processing mechanism leads to an infinite loop, resulting in a complete denial of service for all users. Affected endpoints include `/api/v1/login` and `/api/v1/device_authorization`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9340", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44607", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44625", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44454", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9340" }, { "reference_url": "https://github.com/advisories/GHSA-6gmf-2369-c76c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6gmf-2369-c76c" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2025-57.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2025-57.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9340", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9340" }, { "reference_url": "https://huntr.com/bounties/c9200654-7dc0-4c1d-8573-ab79a87fb4f6", "reference_id": "c9200654-7dc0-4c1d-8573-ab79a87fb4f6", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:54:49Z/" } ], "url": "https://huntr.com/bounties/c9200654-7dc0-4c1d-8573-ab79a87fb4f6" }, { "reference_url": "https://github.com/zenml-io/zenml/commit/cba152eb9ca3071c8372b0b91c02d9d3351de48d", "reference_id": "cba152eb9ca3071c8372b0b91c02d9d3351de48d", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:54:49Z/" } ], "url": "https://github.com/zenml-io/zenml/commit/cba152eb9ca3071c8372b0b91c02d9d3351de48d" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87168?format=api", "purl": "pkg:pypi/zenml@0.68.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.68.0" } ], "aliases": [ "CVE-2024-9340", "GHSA-6gmf-2369-c76c", "PYSEC-2025-57" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-42g8-w871-x3es" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63276?format=api", "vulnerability_id": "VCID-4hzw-29wd-57g1", "summary": "An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the `active` status of user accounts to false, effectively deactivating them. This issue affects version 0.55.3 and was fixed in version 0.56.2. The impact of this vulnerability is significant as it allows for the deactivation of admin accounts, potentially disrupting the functionality and security of the application.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2035", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.16078", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.16089", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15937", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2035" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-169.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-169.yaml" }, { "reference_url": "https://huntr.com/bounties/1cfc6493-082e-4229-9f2f-496801a6557c", "reference_id": "1cfc6493-082e-4229-9f2f-496801a6557c", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T12:34:04Z/" } ], "url": "https://huntr.com/bounties/1cfc6493-082e-4229-9f2f-496801a6557c" }, { "reference_url": "https://github.com/zenml-io/zenml/commit/b95f083efffa56831cd41d8ed536aeb0b6038fa3", "reference_id": "b95f083efffa56831cd41d8ed536aeb0b6038fa3", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T12:34:04Z/" } ], "url": "https://github.com/zenml-io/zenml/commit/b95f083efffa56831cd41d8ed536aeb0b6038fa3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2035", "reference_id": "CVE-2024-2035", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2035" }, { "reference_url": "https://github.com/advisories/GHSA-9x88-4jg8-4vf7", "reference_id": "GHSA-9x88-4jg8-4vf7", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9x88-4jg8-4vf7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30381?format=api", "purl": "pkg:pypi/zenml@0.56.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42g8-w871-x3es" }, { "vulnerability": "VCID-5qpt-9jqh-dba7" }, { "vulnerability": "VCID-7cya-2yr7-r3e5" }, { "vulnerability": "VCID-bh6k-2w81-5kg1" }, { "vulnerability": "VCID-cc82-xbg4-sbd4" }, { "vulnerability": "VCID-dhp5-dpvm-v7cc" }, { "vulnerability": "VCID-gsey-n5gk-huah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.56.2" } ], "aliases": [ "CVE-2024-2035", "GHSA-9x88-4jg8-4vf7", "PYSEC-2024-169" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4hzw-29wd-57g1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38817?format=api", "vulnerability_id": "VCID-5qpt-9jqh-dba7", "summary": "A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a specified URL after completing a survey, without proper validation of the 'redirect' parameter. Consequently, an attacker can execute arbitrary JavaScript code in the context of the user's browser session. This vulnerability could be exploited to steal cookies, potentially leading to account takeover.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5062", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37963", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37989", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37786", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5062" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-176.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-176.yaml" }, { "reference_url": "https://github.com/zenml-io/zenml/commit/21edd863c0ba53c1110b6f018a07c2d6853cf6d4", "reference_id": "21edd863c0ba53c1110b6f018a07c2d6853cf6d4", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T19:47:16Z/" } ], "url": "https://github.com/zenml-io/zenml/commit/21edd863c0ba53c1110b6f018a07c2d6853cf6d4" }, { "reference_url": "https://huntr.com/bounties/ceddd3c1-a9da-4d6c-85c4-41d4d1e1102f", "reference_id": "ceddd3c1-a9da-4d6c-85c4-41d4d1e1102f", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T19:47:16Z/" } ], "url": "https://huntr.com/bounties/ceddd3c1-a9da-4d6c-85c4-41d4d1e1102f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5062", "reference_id": "CVE-2024-5062", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5062" }, { "reference_url": "https://github.com/advisories/GHSA-3434-hc3m-8mmm", "reference_id": "GHSA-3434-hc3m-8mmm", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3434-hc3m-8mmm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32327?format=api", "purl": "pkg:pypi/zenml@0.58.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42g8-w871-x3es" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.58.0" } ], "aliases": [ "CVE-2024-5062", "GHSA-3434-hc3m-8mmm", "PYSEC-2024-176" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5qpt-9jqh-dba7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63677?format=api", "vulnerability_id": "VCID-7cya-2yr7-r3e5", "summary": "An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for unauthorized account takeover by bypassing the standard password change verification process. The issue was fixed in version 0.56.3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2213", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01375", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01386", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01377", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2213" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-193.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-193.yaml" }, { "reference_url": "https://github.com/zenml-io/zenml/commit/58cb3d987372c91eb605853c35325701733337c2", "reference_id": "58cb3d987372c91eb605853c35325701733337c2", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T12:48:37Z/" } ], "url": "https://github.com/zenml-io/zenml/commit/58cb3d987372c91eb605853c35325701733337c2" }, { "reference_url": "https://huntr.com/bounties/8f5534ac-fd08-4b8b-8c2e-35949aa36e48", "reference_id": "8f5534ac-fd08-4b8b-8c2e-35949aa36e48", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T12:48:37Z/" } ], "url": "https://huntr.com/bounties/8f5534ac-fd08-4b8b-8c2e-35949aa36e48" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2213", "reference_id": "CVE-2024-2213", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2213" }, { "reference_url": "https://github.com/advisories/GHSA-j527-v579-m98h", "reference_id": "GHSA-j527-v579-m98h", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j527-v579-m98h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32035?format=api", "purl": "pkg:pypi/zenml@0.56.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42g8-w871-x3es" }, { "vulnerability": "VCID-5qpt-9jqh-dba7" }, { "vulnerability": "VCID-bh6k-2w81-5kg1" }, { "vulnerability": "VCID-cc82-xbg4-sbd4" }, { "vulnerability": "VCID-gsey-n5gk-huah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.56.3" } ], "aliases": [ "CVE-2024-2213", "GHSA-j527-v579-m98h", "PYSEC-2024-193" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7cya-2yr7-r3e5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63488?format=api", "vulnerability_id": "VCID-7gaz-m16x-qbeb", "summary": "A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. The vulnerability arises due to the lack of validation for directory traversal patterns, allowing attackers to access files outside of the restricted directory.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2083", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00672", "scoring_system": "epss", "scoring_elements": "0.71958", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00672", "scoring_system": "epss", "scoring_elements": "0.71971", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00672", "scoring_system": "epss", "scoring_elements": "0.71873", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2083" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-247.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-247.yaml" }, { "reference_url": "https://github.com/zenml-io/zenml/commit/00e934f33a243a554f5f65b80eefd5ea5117367b", "reference_id": "00e934f33a243a554f5f65b80eefd5ea5117367b", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-26T15:29:15Z/" } ], "url": "https://github.com/zenml-io/zenml/commit/00e934f33a243a554f5f65b80eefd5ea5117367b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2083", "reference_id": "CVE-2024-2083", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2083" }, { "reference_url": "https://huntr.com/bounties/f24b2216-6a4b-42a1-becb-9b47e6cf117f", "reference_id": "f24b2216-6a4b-42a1-becb-9b47e6cf117f", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-26T15:29:15Z/" } ], "url": "https://huntr.com/bounties/f24b2216-6a4b-42a1-becb-9b47e6cf117f" }, { "reference_url": "https://github.com/advisories/GHSA-6h3f-43vq-53hj", "reference_id": "GHSA-6h3f-43vq-53hj", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6h3f-43vq-53hj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30383?format=api", "purl": "pkg:pypi/zenml@0.55.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42g8-w871-x3es" }, { "vulnerability": "VCID-4hzw-29wd-57g1" }, { "vulnerability": "VCID-5qpt-9jqh-dba7" }, { "vulnerability": "VCID-7cya-2yr7-r3e5" }, { "vulnerability": "VCID-bh6k-2w81-5kg1" }, { "vulnerability": "VCID-cc82-xbg4-sbd4" }, { "vulnerability": "VCID-dhp5-dpvm-v7cc" }, { "vulnerability": "VCID-gsey-n5gk-huah" }, { "vulnerability": "VCID-qj66-8fqx-s3dx" }, { "vulnerability": "VCID-utfk-qyy1-muhw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.55.5" } ], "aliases": [ "CVE-2024-2083", "GHSA-6h3f-43vq-53hj", "PYSEC-2024-247" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7gaz-m16x-qbeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47153?format=api", "vulnerability_id": "VCID-bh6k-2w81-5kg1", "summary": "zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Password' function, allowing them to take over the user's account. This vulnerability is due to the absence of rate-limiting on the '/api/v1/current-user' endpoint, which does not restrict the number of attempts an attacker can make to guess the current password. Successful exploitation results in the attacker being able to change the password and take control of the account.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4311", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22083", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22285", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22273", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4311" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4311", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4311" }, { "reference_url": "https://github.com/zenml-io/zenml/commit/87a6c2c8f45b49ea83fbb5fe8fff7ab5365a60c9", "reference_id": "87a6c2c8f45b49ea83fbb5fe8fff7ab5365a60c9", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-18T15:37:57Z/" } ], "url": "https://github.com/zenml-io/zenml/commit/87a6c2c8f45b49ea83fbb5fe8fff7ab5365a60c9" }, { "reference_url": "https://huntr.com/bounties/d5517e1a-6b94-4e38-aad6-3aa65f98bec2", "reference_id": "d5517e1a-6b94-4e38-aad6-3aa65f98bec2", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-18T15:37:57Z/" } ], "url": "https://huntr.com/bounties/d5517e1a-6b94-4e38-aad6-3aa65f98bec2" }, { "reference_url": "https://github.com/advisories/GHSA-j3vq-pmp5-r5xj", "reference_id": "GHSA-j3vq-pmp5-r5xj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j3vq-pmp5-r5xj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84252?format=api", "purl": "pkg:pypi/zenml@0.57.0rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42g8-w871-x3es" }, { "vulnerability": "VCID-5qpt-9jqh-dba7" }, { "vulnerability": "VCID-gsey-n5gk-huah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.57.0rc2" } ], "aliases": [ "CVE-2024-4311", "GHSA-j3vq-pmp5-r5xj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bh6k-2w81-5kg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47297?format=api", "vulnerability_id": "VCID-cc82-xbg4-sbd4", "summary": "A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the victim's ability to revoke this access. This issue was observed in a self-hosted ZenML deployment via Docker, where after changing the password from one browser, the session remained active and usable in another browser without requiring re-authentication.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4680", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.23134", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.23145", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22938", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4680" }, { "reference_url": "https://huntr.com/bounties/c88f6bd2-490d-4930-98dd-03651b20230a", "reference_id": "c88f6bd2-490d-4930-98dd-03651b20230a", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T20:06:48Z/" } ], "url": "https://huntr.com/bounties/c88f6bd2-490d-4930-98dd-03651b20230a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4680", "reference_id": "CVE-2024-4680", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4680" }, { "reference_url": "https://github.com/advisories/GHSA-99hm-86h7-gr3g", "reference_id": "GHSA-99hm-86h7-gr3g", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-99hm-86h7-gr3g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84250?format=api", "purl": "pkg:pypi/zenml@0.56.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42g8-w871-x3es" }, { "vulnerability": "VCID-5qpt-9jqh-dba7" }, { "vulnerability": "VCID-bh6k-2w81-5kg1" }, { "vulnerability": "VCID-gsey-n5gk-huah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.56.4" } ], "aliases": [ "CVE-2024-4680", "GHSA-99hm-86h7-gr3g" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cc82-xbg4-sbd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63563?format=api", "vulnerability_id": "VCID-dhp5-dpvm-v7cc", "summary": "A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious page, potentially leading to unauthorized actions by tricking users into interacting with the interface under the attacker's control. The issue was addressed in version 0.56.3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2383", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.18118", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.18135", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17959", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2383" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-194.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-194.yaml" }, { "reference_url": "https://huntr.com/bounties/22d26f5a-c0ae-4344-aa7d-08ff5ada3963", "reference_id": "22d26f5a-c0ae-4344-aa7d-08ff5ada3963", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T19:37:36Z/" } ], "url": "https://huntr.com/bounties/22d26f5a-c0ae-4344-aa7d-08ff5ada3963" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2383", "reference_id": "CVE-2024-2383", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2383" }, { "reference_url": "https://github.com/zenml-io/zenml/commit/f863fde1269bc355951f8cfc826c0244d88ad5e9", "reference_id": "f863fde1269bc355951f8cfc826c0244d88ad5e9", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T19:37:36Z/" } ], "url": "https://github.com/zenml-io/zenml/commit/f863fde1269bc355951f8cfc826c0244d88ad5e9" }, { "reference_url": "https://github.com/advisories/GHSA-mq73-g4qr-fgcq", "reference_id": "GHSA-mq73-g4qr-fgcq", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mq73-g4qr-fgcq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32035?format=api", "purl": "pkg:pypi/zenml@0.56.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42g8-w871-x3es" }, { "vulnerability": "VCID-5qpt-9jqh-dba7" }, { "vulnerability": "VCID-bh6k-2w81-5kg1" }, { "vulnerability": "VCID-cc82-xbg4-sbd4" }, { "vulnerability": "VCID-gsey-n5gk-huah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.56.3" } ], "aliases": [ "CVE-2024-2383", "GHSA-mq73-g4qr-fgcq", "PYSEC-2024-194" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dhp5-dpvm-v7cc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47601?format=api", "vulnerability_id": "VCID-gsey-n5gk-huah", "summary": "", "references": [ { "reference_url": "https://github.com/zenml-io/zenml/commit/164cc09032060bbfc17e9dbd62c13efd5ff5771b", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/zenml-io/zenml/commit/164cc09032060bbfc17e9dbd62c13efd5ff5771b" }, { "reference_url": "https://huntr.com/bounties/a387c935-b970-44d7-bddc-71c1c90aa2de", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.com/bounties/a387c935-b970-44d7-bddc-71c1c90aa2de" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4460", "reference_id": "CVE-2024-4460", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4460" }, { "reference_url": "https://github.com/advisories/GHSA-7gjr-hcc3-xfr4", "reference_id": "GHSA-7gjr-hcc3-xfr4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7gjr-hcc3-xfr4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32283?format=api", "purl": "pkg:pypi/zenml@0.57.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42g8-w871-x3es" }, { "vulnerability": "VCID-5qpt-9jqh-dba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.57.1" } ], "aliases": [ "CVE-2024-4460", "GHSA-7gjr-hcc3-xfr4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gsey-n5gk-huah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32166?format=api", "vulnerability_id": "VCID-j3df-fbe5-37ha", "summary": "ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. These are also patched versions: 0.44.4, 0.43.1, and 0.42.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25723", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.89644", "scoring_system": "epss", "scoring_elements": "0.99584", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.89644", "scoring_system": "epss", "scoring_elements": "0.99583", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25723" }, { "reference_url": "https://github.com/zenml-io/zenml/compare/0.42.1...0.42.2", "reference_id": "0.42.1...0.42.2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-26T18:59:00Z/" } ], "url": "https://github.com/zenml-io/zenml/compare/0.42.1...0.42.2" }, { "reference_url": "https://github.com/zenml-io/zenml/compare/0.43.0...0.43.1", "reference_id": "0.43.0...0.43.1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-26T18:59:00Z/" } ], "url": "https://github.com/zenml-io/zenml/compare/0.43.0...0.43.1" }, { "reference_url": "https://github.com/zenml-io/zenml/compare/0.44.3...0.44.4", "reference_id": "0.44.3...0.44.4", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-26T18:59:00Z/" } ], "url": "https://github.com/zenml-io/zenml/compare/0.44.3...0.44.4" }, { "reference_url": "https://www.zenml.io/blog/critical-security-update-for-zenml-users", "reference_id": "critical-security-update-for-zenml-users", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-26T18:59:00Z/" } ], "url": "https://www.zenml.io/blog/critical-security-update-for-zenml-users" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25723", "reference_id": "CVE-2024-25723", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25723" }, { "reference_url": "https://github.com/advisories/GHSA-vf7j-cmrj-pmmm", "reference_id": "GHSA-vf7j-cmrj-pmmm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vf7j-cmrj-pmmm" }, { "reference_url": "https://github.com/zenml-io/zenml", "reference_id": "zenml", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-26T18:59:00Z/" } ], "url": "https://github.com/zenml-io/zenml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29386?format=api", "purl": "pkg:pypi/zenml@0.42.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42g8-w871-x3es" }, { "vulnerability": "VCID-4hzw-29wd-57g1" }, { "vulnerability": "VCID-5qpt-9jqh-dba7" }, { "vulnerability": "VCID-7cya-2yr7-r3e5" }, { "vulnerability": "VCID-7gaz-m16x-qbeb" }, { "vulnerability": "VCID-bh6k-2w81-5kg1" }, { "vulnerability": "VCID-cc82-xbg4-sbd4" }, { "vulnerability": "VCID-dhp5-dpvm-v7cc" }, { "vulnerability": "VCID-gsey-n5gk-huah" }, { "vulnerability": "VCID-qj66-8fqx-s3dx" }, { "vulnerability": "VCID-tkuk-h9xn-1yey" }, { "vulnerability": "VCID-utfk-qyy1-muhw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.42.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/29385?format=api", "purl": "pkg:pypi/zenml@0.43.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42g8-w871-x3es" }, { "vulnerability": "VCID-4hzw-29wd-57g1" }, { "vulnerability": "VCID-5qpt-9jqh-dba7" }, { "vulnerability": "VCID-7cya-2yr7-r3e5" }, { "vulnerability": "VCID-7gaz-m16x-qbeb" }, { "vulnerability": "VCID-bh6k-2w81-5kg1" }, { "vulnerability": "VCID-cc82-xbg4-sbd4" }, { "vulnerability": "VCID-dhp5-dpvm-v7cc" }, { "vulnerability": "VCID-gsey-n5gk-huah" }, { "vulnerability": "VCID-qj66-8fqx-s3dx" }, { "vulnerability": "VCID-tkuk-h9xn-1yey" }, { "vulnerability": "VCID-utfk-qyy1-muhw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.43.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/29383?format=api", "purl": "pkg:pypi/zenml@0.44.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42g8-w871-x3es" }, { "vulnerability": "VCID-4hzw-29wd-57g1" }, { "vulnerability": "VCID-5qpt-9jqh-dba7" }, { "vulnerability": "VCID-7cya-2yr7-r3e5" }, { "vulnerability": "VCID-7gaz-m16x-qbeb" }, { "vulnerability": "VCID-bh6k-2w81-5kg1" }, { "vulnerability": "VCID-cc82-xbg4-sbd4" }, { "vulnerability": "VCID-dhp5-dpvm-v7cc" }, { "vulnerability": "VCID-gsey-n5gk-huah" }, { "vulnerability": "VCID-qj66-8fqx-s3dx" }, { "vulnerability": "VCID-tkuk-h9xn-1yey" }, { "vulnerability": "VCID-utfk-qyy1-muhw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.44.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/29381?format=api", "purl": "pkg:pypi/zenml@0.46.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.46.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/83418?format=api", "purl": "pkg:pypi/zenml@0.47.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42g8-w871-x3es" }, { "vulnerability": "VCID-4hzw-29wd-57g1" }, { "vulnerability": "VCID-5qpt-9jqh-dba7" }, { "vulnerability": "VCID-7cya-2yr7-r3e5" }, { "vulnerability": "VCID-7gaz-m16x-qbeb" }, { "vulnerability": "VCID-bh6k-2w81-5kg1" }, { "vulnerability": "VCID-cc82-xbg4-sbd4" }, { "vulnerability": "VCID-dhp5-dpvm-v7cc" }, { "vulnerability": "VCID-gsey-n5gk-huah" }, { "vulnerability": "VCID-qj66-8fqx-s3dx" }, { "vulnerability": "VCID-tkuk-h9xn-1yey" }, { "vulnerability": "VCID-utfk-qyy1-muhw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.47.0" } ], "aliases": [ "CVE-2024-25723", "GHSA-vf7j-cmrj-pmmm" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j3df-fbe5-37ha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63010?format=api", "vulnerability_id": "VCID-qj66-8fqx-s3dx", "summary": "A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The vulnerability affects version 0.55.3 and was fixed in version 0.56.2. The impact of exploiting this vulnerability could lead to user account compromise.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2171", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20207", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20226", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20034", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2171" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-170.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-170.yaml" }, { "reference_url": "https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e", "reference_id": "68bcb3ba60cba9729c9713a49c39502d40fb945e", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N" }, { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:40:13Z/" } ], "url": "https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e" }, { "reference_url": "https://huntr.com/bounties/cee06a28-7e3b-460b-b504-69add838ebe8", "reference_id": "cee06a28-7e3b-460b-b504-69add838ebe8", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N" }, { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:40:13Z/" } ], "url": "https://huntr.com/bounties/cee06a28-7e3b-460b-b504-69add838ebe8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2171", "reference_id": "CVE-2024-2171", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2171" }, { "reference_url": "https://github.com/advisories/GHSA-vwgf-7f9h-h499", "reference_id": "GHSA-vwgf-7f9h-h499", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vwgf-7f9h-h499" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30381?format=api", "purl": "pkg:pypi/zenml@0.56.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42g8-w871-x3es" }, { "vulnerability": "VCID-5qpt-9jqh-dba7" }, { "vulnerability": "VCID-7cya-2yr7-r3e5" }, { "vulnerability": "VCID-bh6k-2w81-5kg1" }, { "vulnerability": "VCID-cc82-xbg4-sbd4" }, { "vulnerability": "VCID-dhp5-dpvm-v7cc" }, { "vulnerability": "VCID-gsey-n5gk-huah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.56.2" } ], "aliases": [ "CVE-2024-2171", "GHSA-vwgf-7f9h-h499", "PYSEC-2024-170" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qj66-8fqx-s3dx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63449?format=api", "vulnerability_id": "VCID-tkuk-h9xn-1yey", "summary": "A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of concurrent user creation requests, leading to data inconsistencies and potential authentication problems. Specifically, concurrent processes may overwrite or corrupt user data, complicating user identification and posing security risks. This issue is particularly concerning for APIs that rely on usernames as input parameters, such as PUT /api/v1/users/test_race, where it could lead to further complications.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2032", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13803", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13917", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13919", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2032" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-105.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-105.yaml" }, { "reference_url": "https://huntr.com/bounties/6199cd5d-611f-4ea9-96c5-52a952ba5a56", "reference_id": "6199cd5d-611f-4ea9-96c5-52a952ba5a56", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T18:33:05Z/" } ], "url": "https://huntr.com/bounties/6199cd5d-611f-4ea9-96c5-52a952ba5a56" }, { "reference_url": "https://github.com/zenml-io/zenml/commit/afcaf741ef9114c9b32f722f101b97de3d8d147b", "reference_id": "afcaf741ef9114c9b32f722f101b97de3d8d147b", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T18:33:05Z/" } ], "url": "https://github.com/zenml-io/zenml/commit/afcaf741ef9114c9b32f722f101b97de3d8d147b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2032", "reference_id": "CVE-2024-2032", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2032" }, { "reference_url": "https://github.com/advisories/GHSA-c546-8jmq-hprj", "reference_id": "GHSA-c546-8jmq-hprj", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c546-8jmq-hprj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30383?format=api", "purl": "pkg:pypi/zenml@0.55.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42g8-w871-x3es" }, { "vulnerability": "VCID-4hzw-29wd-57g1" }, { "vulnerability": "VCID-5qpt-9jqh-dba7" }, { "vulnerability": "VCID-7cya-2yr7-r3e5" }, { "vulnerability": "VCID-bh6k-2w81-5kg1" }, { "vulnerability": "VCID-cc82-xbg4-sbd4" }, { "vulnerability": "VCID-dhp5-dpvm-v7cc" }, { "vulnerability": "VCID-gsey-n5gk-huah" }, { "vulnerability": "VCID-qj66-8fqx-s3dx" }, { "vulnerability": "VCID-utfk-qyy1-muhw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.55.5" } ], "aliases": [ "CVE-2024-2032", "GHSA-c546-8jmq-hprj", "PYSEC-2024-105" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tkuk-h9xn-1yey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63001?format=api", "vulnerability_id": "VCID-utfk-qyy1-muhw", "summary": "A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2260", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24416", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24428", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24221", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2260" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-254.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-254.yaml" }, { "reference_url": "https://huntr.com/bounties/2d0856ec-ed73-477a-8ea2-d5d4f15cf167", "reference_id": "2d0856ec-ed73-477a-8ea2-d5d4f15cf167", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T17:33:53Z/" } ], "url": "https://huntr.com/bounties/2d0856ec-ed73-477a-8ea2-d5d4f15cf167" }, { "reference_url": "https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e", "reference_id": "68bcb3ba60cba9729c9713a49c39502d40fb945e", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T17:33:53Z/" } ], "url": "https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2260", "reference_id": "CVE-2024-2260", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2260" }, { "reference_url": "https://github.com/advisories/GHSA-g3r5-72hf-p7p2", "reference_id": "GHSA-g3r5-72hf-p7p2", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g3r5-72hf-p7p2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30381?format=api", "purl": "pkg:pypi/zenml@0.56.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42g8-w871-x3es" }, { "vulnerability": "VCID-5qpt-9jqh-dba7" }, { "vulnerability": "VCID-7cya-2yr7-r3e5" }, { "vulnerability": "VCID-bh6k-2w81-5kg1" }, { "vulnerability": "VCID-cc82-xbg4-sbd4" }, { "vulnerability": "VCID-dhp5-dpvm-v7cc" }, { "vulnerability": "VCID-gsey-n5gk-huah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.56.2" } ], "aliases": [ "CVE-2024-2260", "GHSA-g3r5-72hf-p7p2", "PYSEC-2024-254" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-utfk-qyy1-muhw" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.1.1" }