PYSEC-2024-170

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/zenml/PYSEC-2024-170.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2024-170

Aliases

Published

2024-06-06T19:15:53Z

Modified

2025-01-18T19:56:49.753460Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The vulnerability affects version 0.55.3 and was fixed in version 0.56.2. The impact of exploiting this vulnerability could lead to user account compromise.

References

Affected packages

PyPI / zenml

Package

Name: zenml; View open source insights on deps.dev
Purl: pkg:pypi/zenml

Affected ranges

Type: GIT
Repo: https://github.com/zenml-io/zenml
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

68bcb3ba60cba9729c9713a49c39502d40fb945e

Fixed

68bcb3ba60cba9729c9713a49c39502d40fb945e

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.56.2

Affected versions

0.*

0.0.1rc1

0.0.1rc2

0.1.0

0.1.1

0.1.2

0.1.3rc0

0.1.3

0.1.4

0.1.5

0.2.0rc1

0.2.0rc2

0.2.0

0.3.1rc0

0.3.1

0.3.2

0.3.3rc0

0.3.3

0.3.4rc0

0.3.4

0.3.5rc0

0.3.5

0.3.6rc0

0.3.6

0.3.6.1

0.3.7rc0

0.3.7

0.3.7.1rc0

0.3.7.1rc1

0.3.7.1rc3

0.3.7.1rc4

0.3.8

0.3.9rc1

0.3.9rc2

0.5.0rc1

0.5.0rc2

0.5.0

0.5.1

0.5.2

0.5.3

0.5.4

0.5.5

0.5.6

0.5.7

0.6.0

0.6.1

0.6.2

0.6.3

0.7.0

0.7.1

0.7.2

0.7.3

0.8.0

0.8.1rc0

0.8.1

0.9.0

0.10.0

0.11.0

0.12.0

0.13.0

0.13.1

0.13.2

0.20.0rc1

0.20.0

0.20.1

0.20.2

0.20.3

0.20.4

0.20.5

0.21.0

0.21.1

0.22.0

0.23.0

0.30.0rc0

0.30.0rc1

0.30.0rc2

0.30.0rc3

0.30.0

0.31.0

0.31.1

0.32.0

0.32.1

0.33.0

0.34.0

0.35.0

0.35.1

0.36.0

0.36.1

0.37.0

0.38.0

0.39.0

0.39.1

0.40.0

0.40.1

0.40.2

0.40.3

0.41.0

0.42.0

0.42.1

0.42.2

0.43.0

0.43.1

0.44.0

0.44.1

0.44.2

0.44.3

0.44.4

0.45.0

0.45.1

0.45.2

0.45.3

0.45.4

0.45.5

0.45.6

0.46.0

0.46.1

0.47.0

0.50.0

0.51.0

0.52.0

0.53.0

0.53.1

0.54.0

0.54.1

0.55.0

0.55.1

0.55.2

0.55.3

0.55.4

0.55.5

0.56.0

0.56.1