zenml@0.56.2 vulnerabilities

ZenML: Write production-ready ML code.

latest version

0.81.0

first published

4 years ago

latest version published

3 days ago

licenses detected

Apache-2.0
[0,)

View zenml package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the zenml package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
H Infinite loop zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Infinite loop through the multipart request boundary processing mechanism. An attacker can cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipart boundaries. How to fix Infinite loop? Upgrade `zenml` to version 0.68.0 or higher.	[,0.68.0)
M Cross-site Request Forgery (CSRF) zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the `generate_access_token()` function in `auth.py`. How to fix Cross-site Request Forgery (CSRF)? Upgrade `zenml` to version 0.73.0 or higher.	[,0.73.0)
H Race Condition within a Thread zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Race Condition within a Thread in the `ServiceConnectorRegistry` class in `service_connector_registry.py`, causing errors that block access to certain service connector types when concurrent REST requests are made. How to fix Race Condition within a Thread? Upgrade `zenml` to version 0.71.0 or higher.	[,0.71.0)
M Incorrect Authorization zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Incorrect Authorization due to improper RBAC enforcement. How to fix Incorrect Authorization? Upgrade `zenml` to version 0.72.0 or higher.	[,0.72.0)
M Allocation of Resources Without Limits or Throttling zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the `/api/v1/current-user` endpoint. An attacker can brute-force the current password in the `Update Password` function, allowing them to take over the user's account. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `zenml` to version 0.57.0rc2 or higher.	[,0.57.0rc2)
M Cross-site Scripting (XSS) zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the `redirect` parameter, due to improper user input sanitization. How to fix Cross-site Scripting (XSS)? Upgrade `zenml` to version 0.58.0 or higher.	[,0.58.0)
M Uncontrolled Resource Consumption ('Resource Exhaustion') zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') due to improper handling of line feed (`\n`) characters in component names. An attacker can degrade the user experience and potentially render the ZenML Dashboard unusable by adding a component through the API endpoint `api/v1/workspaces/default/components` with a name containing a `\n` character. This results in uncontrolled resource consumption and prevents users from adding new components in certain categories and registering new stacks through the UI. How to fix Uncontrolled Resource Consumption ('Resource Exhaustion')? Upgrade `zenml` to version 0.57.1 or higher.	[,0.57.1)
L Improper Authentication zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Improper Authentication. An attacker with access to an active user session can change the account password without needing to know the current password, leading to unauthorized account takeover by bypassing the standard password change verification process. How to fix Improper Authentication? Upgrade `zenml` to version 0.56.3 or higher.	[,0.56.3)
M Improper Restriction of Rendered UI Layers or Frames zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames due to the application's failure to set appropriate `X-Frame-Options` or `Content-Security-Policy` HTTP headers. An attacker can trick users into interacting with the interface under the attacker's control by embedding the application UI within an iframe on a malicious page. How to fix Improper Restriction of Rendered UI Layers or Frames? Upgrade `zenml` to version 0.56.3 or higher.	[,0.56.3)

Go back to all versions of this package