Homepage

zenml@0.64.0 vulnerabilities

ZenML: Write production-ready ML code.

  • latest version

    0.81.0

  • first published

    4 years ago

  • latest version published

    3 days ago

  • licenses detected

  • View zenml package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the zenml package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Infinite loop

    zenml is a ZenML: Write production-ready ML code.

    Affected versions of this package are vulnerable to Infinite loop through the multipart request boundary processing mechanism. An attacker can cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipart boundaries.

    How to fix Infinite loop?

    Upgrade zenml to version 0.68.0 or higher.

    [,0.68.0)
    • M
    Cross-site Request Forgery (CSRF)

    zenml is a ZenML: Write production-ready ML code.

    Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the generate_access_token() function in auth.py.

    How to fix Cross-site Request Forgery (CSRF)?

    Upgrade zenml to version 0.73.0 or higher.

    [,0.73.0)
    • H
    Race Condition within a Thread

    zenml is a ZenML: Write production-ready ML code.

    Affected versions of this package are vulnerable to Race Condition within a Thread in the ServiceConnectorRegistry class in service_connector_registry.py, causing errors that block access to certain service connector types when concurrent REST requests are made.

    How to fix Race Condition within a Thread?

    Upgrade zenml to version 0.71.0 or higher.

    [,0.71.0)
    • M
    Incorrect Authorization

    zenml is a ZenML: Write production-ready ML code.

    Affected versions of this package are vulnerable to Incorrect Authorization due to improper RBAC enforcement.

    How to fix Incorrect Authorization?

    Upgrade zenml to version 0.72.0 or higher.

    [,0.72.0)
    • L
    Insufficient Session Expiration

    zenml is a ZenML: Write production-ready ML code.

    Affected versions of this package are vulnerable to Insufficient Session Expiration due to the improper session management mechanism. An attacker can maintain unauthorized access and perform actions as a legitimate user by reusing old session credentials or session IDs after a password change. The vulnerability arises when sessions do not expire immediately after a password change, allowing the session to remain active and usable in another browser without requiring re-authentication.

    How to fix Insufficient Session Expiration?

    There is no fixed version for zenml.

    [0.56.3,)
    Go back to all versions of this package