Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS12d2dmLTdmOWgtaDQ5Oc4AA8w7

Cross site scripting in zenml

A stored cross-site scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically in the 'logo_url' field. By injecting a malicious payload into this field, an attacker could deliver harmful content to other users, potentially compromising their accounts. The vulnerability affects version 0.55.3 and was fixed in version 0.56.2. Successful exploitation could lead to user account compromise.

Permalink: https://github.com/advisories/GHSA-vwgf-7f9h-h499
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12d2dmLTdmOWgtaDQ5Oc4AA8w7
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 4 months ago
Updated: 4 months ago
CVSS Score: 3.4
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N

Identifiers: GHSA-vwgf-7f9h-h499, CVE-2024-2171
References: Repository: https://github.com/zenml-io/zenml
Blast Radius: 5.6

Affected Packages

pypi:zenml
Dependent packages: 2
Dependent repositories: 44
Downloads: 53,692 last month
Affected Version Ranges: < 0.56.2
Fixed in: 0.56.2
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.2.0, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.3.5, 0.3.6, 0.3.7, 0.3.8, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.5.5, 0.5.6, 0.5.7, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.8.0, 0.8.1, 0.9.0, 0.10.0, 0.11.0, 0.12.0, 0.13.0, 0.13.1, 0.13.2, 0.20.0, 0.20.1, 0.20.2, 0.20.3, 0.20.4, 0.20.5, 0.21.0, 0.21.1, 0.22.0, 0.23.0, 0.30.0, 0.31.0, 0.31.1, 0.32.0, 0.32.1, 0.33.0, 0.34.0, 0.35.0, 0.35.1, 0.36.0, 0.36.1, 0.37.0, 0.38.0, 0.39.0, 0.39.1, 0.40.0, 0.40.1, 0.40.2, 0.40.3, 0.41.0, 0.42.0, 0.42.1, 0.42.2, 0.43.0, 0.43.1, 0.44.0, 0.44.1, 0.44.2, 0.44.3, 0.44.4, 0.45.0, 0.45.1, 0.45.2, 0.45.3, 0.45.4, 0.45.5, 0.45.6, 0.46.0, 0.46.1, 0.47.0, 0.50.0, 0.51.0, 0.52.0, 0.53.0, 0.53.1, 0.54.0, 0.54.1, 0.55.0, 0.55.1, 0.55.2, 0.55.3, 0.55.4, 0.55.5, 0.56.0, 0.56.1
All unaffected versions: 0.56.2, 0.56.3, 0.56.4, 0.57.0, 0.57.1, 0.58.0, 0.58.1, 0.58.2, 0.60.0, 0.61.0, 0.62.0, 0.63.0, 0.64.0, 0.65.0, 0.66.0