GHSA-vwgf-7f9h-h499
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vwgf-7f9h-h499
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-vwgf-7f9h-h499/GHSA-vwgf-7f9h-h499.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-vwgf-7f9h-h499
- Aliases
- Published
- 2024-06-06T21:30:36Z
- Modified
- 2025-01-21T18:36:30.466586Z
- Severity
-
- 3.4 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N CVSS Calculator
- Summary
- Cross site scripting in zenml
- Details
-
A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The vulnerability affects version 0.55.3 and was fixed in version 0.56.2. The impact of exploiting this vulnerability could lead to user account compromise.
- Database specific
{ "nvd_published_at": "2024-06-06T19:15:53Z", "cwe_ids": [ "CWE-79" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2024-06-06T22:28:34Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-2171
- https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e
- https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-170.yaml
- https://github.com/zenml-io/zenml
- https://huntr.com/bounties/cee06a28-7e3b-460b-b504-69add838ebe8
Affected packages
PyPI / zenml
Package
- Name
- zenml
- View open source insights on deps.dev
- Purl
- pkg:pypi/zenml
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.56.2
Affected versions
0.*
0.0.1rc1
0.0.1rc2
0.1.0
0.1.1
0.1.2
0.1.3rc0
0.1.3
0.1.4
0.1.5
0.2.0rc1
0.2.0rc2
0.2.0
0.3.1rc0
0.3.1
0.3.2
0.3.3rc0
0.3.3
0.3.4rc0
0.3.4
0.3.5rc0
0.3.5
0.3.6rc0
0.3.6
0.3.6.1
0.3.7rc0
0.3.7
0.3.7.1rc0
0.3.7.1rc1
0.3.7.1rc3
0.3.7.1rc4
0.3.8
0.3.9rc1
0.3.9rc2
0.5.0rc1
0.5.0rc2
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.6.0
0.6.1
0.6.2
0.6.3
0.7.0
0.7.1
0.7.2
0.7.3
0.8.0
0.8.1rc0
0.8.1
0.9.0
0.10.0
0.11.0
0.12.0
0.13.0
0.13.1
0.13.2
0.20.0rc1
0.20.0
0.20.1
0.20.2
0.20.3
0.20.4
0.20.5
0.21.0
0.21.1
0.22.0
0.23.0
0.30.0rc0
0.30.0rc1
0.30.0rc2
0.30.0rc3
0.30.0
0.31.0
0.31.1
0.32.0
0.32.1
0.33.0
0.34.0
0.35.0
0.35.1
0.36.0
0.36.1
0.37.0
0.38.0
0.39.0
0.39.1
0.40.0
0.40.1
0.40.2
0.40.3
0.41.0
0.42.0
0.42.1
0.42.2
0.43.0
0.43.1
0.44.0
0.44.1
0.44.2
0.44.3
0.44.4
0.45.0
0.45.1
0.45.2
0.45.3
0.45.4
0.45.5
0.45.6
0.46.0
0.46.1
0.47.0
0.50.0
0.51.0
0.52.0
0.53.0
0.53.1
0.54.0
0.54.1
0.55.0
0.55.1
0.55.2
0.55.3
0.55.4
0.55.5
0.56.0
0.56.1