PYSEC-2024-254
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/zenml/PYSEC-2024-254.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2024-254
- Aliases
- Published
- 2024-04-16T00:15:11Z
- Modified
- 2025-06-13T01:56:56.741839Z
- Severity
-
- 4.2 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token.
- References
Affected packages
PyPI / zenml
Package
- Name
- zenml
- View open source insights on deps.dev
- Purl
- pkg:pypi/zenml
Affected ranges
- Type
- GIT
- Repo
- https://github.com/zenml-io/zenml
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.56.2
Affected versions
0.*
0.0.1rc1
0.0.1rc2
0.1.0
0.1.1
0.1.2
0.1.3rc0
0.1.3
0.1.4
0.1.5
0.2.0rc1
0.2.0rc2
0.2.0
0.3.1rc0
0.3.1
0.3.2
0.3.3rc0
0.3.3
0.3.4rc0
0.3.4
0.3.5rc0
0.3.5
0.3.6rc0
0.3.6
0.3.6.1
0.3.7rc0
0.3.7
0.3.7.1rc0
0.3.7.1rc1
0.3.7.1rc3
0.3.7.1rc4
0.3.8
0.3.9rc1
0.3.9rc2
0.5.0rc1
0.5.0rc2
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.6.0
0.6.1
0.6.2
0.6.3
0.7.0
0.7.1
0.7.2
0.7.3
0.8.0
0.8.1rc0
0.8.1
0.9.0
0.10.0
0.11.0
0.12.0
0.13.0
0.13.1
0.13.2
0.20.0rc1
0.20.0
0.20.1
0.20.2
0.20.3
0.20.4
0.20.5
0.21.0
0.21.1
0.22.0
0.23.0
0.30.0rc0
0.30.0rc1
0.30.0rc2
0.30.0rc3
0.30.0
0.31.0
0.31.1
0.32.0
0.32.1
0.33.0
0.34.0
0.35.0
0.35.1
0.36.0
0.36.1
0.37.0
0.38.0
0.39.0
0.39.1
0.40.0
0.40.1
0.40.2
0.40.3
0.41.0
0.42.0
0.42.1
0.42.2
0.43.0
0.43.1
0.44.0
0.44.1
0.44.2
0.44.3
0.44.4
0.45.0
0.45.1
0.45.2
0.45.3
0.45.4
0.45.5
0.45.6
0.46.0
0.46.1
0.47.0
0.50.0
0.51.0
0.52.0
0.53.0
0.53.1
0.54.0
0.54.1
0.55.0
0.55.1
0.55.2
0.55.3
0.55.4
0.55.5
0.56.0
0.56.1