CVE-2024-28424

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-28424

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28424.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-28424

Published

2024-03-14T19:15:50Z

Modified

2025-05-17T14:22:28.464568Z

Summary

[none]

Details

zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file.

References

https://github.com/bayuncao/vul-cve-18

Affected packages

Git / github.com/zenml-io/zenml

Affected ranges

Type: GIT
Repo: https://github.com/zenml-io/zenml
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

a24ccb12d4cfd5652388b031ca828600981a1925

Affected versions

0.*

0.1.0

0.1.1

0.1.2

0.1.3

0.1.3rc0

0.1.4

0.1.5

0.10.0

0.11.0

0.12.0

0.13.0

0.13.1

0.13.2

0.2.0

0.2.0rc1

0.2.0rc2

0.20.3

0.20.5

0.21.0

0.21.1

0.22.0

0.23.0

0.3.0

0.3.1

0.3.1rc0

0.3.2

0.3.3

0.3.3rc0

0.3.4

0.3.4rc0

0.3.5

0.3.5rc0

0.3.6

0.3.6.1

0.3.6rc0

0.3.7

0.3.7.1rc0

0.3.7.1rc1

0.3.7.1rc2

0.3.7.1rc3

0.3.7.1rc4

0.3.7.1rc5

0.3.7rc0

0.3.8

0.3.9rc1

0.3.9rc2

0.30.0

0.31.0

0.31.1

0.32.0

0.32.1

0.33.0

0.34.0

0.35.0

0.35.1

0.36.1

0.37.0

0.38.0

0.39.0

0.39.1

0.40.0

0.40.1

0.40.2

0.41.0

0.42.0

0.43.0

0.44.0

0.44.1

0.44.2

0.44.3

0.45.0

0.45.1

0.45.2

0.45.3

0.45.4

0.45.5

0.45.6

0.46.1

0.47.0

0.5.0

0.5.0rc1

0.5.0rc2

0.5.1

0.5.2

0.5.3

0.5.4

0.5.5

0.5.6

0.5.7

0.54.0

0.54.1

0.55.0

0.55.1

0.55.2

0.55.4

0.6.0

0.6.1

0.6.2

0.6.3

0.7.0

0.7.1

0.8.1

0.8.1rc0

0.9.0