HIGH🇬🇧 English

CVE-2024-9340

CVSS 7.5v3.0pub. 2025-03-20upd. 2025-07-15

A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipart boundaries. This flaw in the multipart request boundary processing mechanism leads to an infinite loop, resulting in a complete denial of service for all users. Affected endpoints include `/api/v1/login` and `/api/v1/device_authorization`.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Zenml

    APP
    Zenml
    < 0.68.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth BypassDoS
CWE
Referencje

Powiązane podatności

CVE-2024-2083CRITICAL9.9PL ✓ten sam produkt

Path Traversal w ZenML – odczyt dowolnych plików przez endpoint /api/v1/steps

CVE-2025-8406HIGH7.8ten sam produkt

ZenML version 0.83.1 is affected by a path traversal vulnerability in the `PathMaterializer` class. The `load`...

CVE-2024-4680HIGH8.8ten sam produkt

A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session ...

CVE-2024-28424HIGH8.8ten sam produkt

zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materi...

CVE-2024-25723HIGH8.8ten sam produkt

ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation...

CVE-2024-9340 — HIGH 7.5 | CVEbaza.pl