A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipart boundaries. This flaw in the multipart request boundary processing mechanism leads to an infinite loop, resulting in a complete denial of service for all users. Affected endpoints include `/api/v1/login` and `/api/v1/device_authorization`.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HZenml
APPZenml< 0.68.0
Related vulnerabilities
Path Traversal w ZenML – odczyt dowolnych plików przez endpoint /api/v1/steps
ZenML version 0.83.1 is affected by a path traversal vulnerability in the `PathMaterializer` class. The `load`...
A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session ...
zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materi...
ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation...