GHSA-g3r5-72hf-p7p2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-g3r5-72hf-p7p2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-g3r5-72hf-p7p2/GHSA-g3r5-72hf-p7p2.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-g3r5-72hf-p7p2
- Aliases
- Published
- 2024-04-16T00:30:33Z
- Modified
- 2025-06-13T04:55:41.511110Z
- Severity
-
- 4.2 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- zenml Session Fixation vulnerability
- Details
-
A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token.
- Database specific
{ "github_reviewed_at": "2024-04-16T18:23:34Z", "github_reviewed": true, "severity": "MODERATE", "nvd_published_at": "2024-04-16T00:15:11Z", "cwe_ids": [ "CWE-384" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-2260
- https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e
- https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-254.yaml
- https://github.com/zenml-io/zenml
- https://huntr.com/bounties/2d0856ec-ed73-477a-8ea2-d5d4f15cf167
Affected packages
PyPI / zenml
Package
- Name
- zenml
- View open source insights on deps.dev
- Purl
- pkg:pypi/zenml
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.56.2
Affected versions
0.*
0.0.1rc1
0.0.1rc2
0.1.0
0.1.1
0.1.2
0.1.3rc0
0.1.3
0.1.4
0.1.5
0.2.0rc1
0.2.0rc2
0.2.0
0.3.1rc0
0.3.1
0.3.2
0.3.3rc0
0.3.3
0.3.4rc0
0.3.4
0.3.5rc0
0.3.5
0.3.6rc0
0.3.6
0.3.6.1
0.3.7rc0
0.3.7
0.3.7.1rc0
0.3.7.1rc1
0.3.7.1rc3
0.3.7.1rc4
0.3.8
0.3.9rc1
0.3.9rc2
0.5.0rc1
0.5.0rc2
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.6.0
0.6.1
0.6.2
0.6.3
0.7.0
0.7.1
0.7.2
0.7.3
0.8.0
0.8.1rc0
0.8.1
0.9.0
0.10.0
0.11.0
0.12.0
0.13.0
0.13.1
0.13.2
0.20.0rc1
0.20.0
0.20.1
0.20.2
0.20.3
0.20.4
0.20.5
0.21.0
0.21.1
0.22.0
0.23.0
0.30.0rc0
0.30.0rc1
0.30.0rc2
0.30.0rc3
0.30.0
0.31.0
0.31.1
0.32.0
0.32.1
0.33.0
0.34.0
0.35.0
0.35.1
0.36.0
0.36.1
0.37.0
0.38.0
0.39.0
0.39.1
0.40.0
0.40.1
0.40.2
0.40.3
0.41.0
0.42.0
0.42.1
0.42.2
0.43.0
0.43.1
0.44.0
0.44.1
0.44.2
0.44.3
0.44.4
0.45.0
0.45.1
0.45.2
0.45.3
0.45.4
0.45.5
0.45.6
0.46.0
0.46.1
0.47.0
0.50.0
0.51.0
0.52.0
0.53.0
0.53.1
0.54.0
0.54.1
0.55.0
0.55.1
0.55.2
0.55.3
0.55.4
0.55.5
0.56.0
0.56.1