zenml@0.71.0 vulnerabilities

ZenML: Write production-ready ML code.

0.81.0

4 years ago

3 days ago

Known vulnerabilities in the zenml package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Cross-site Request Forgery (CSRF) zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the `generate_access_token()` function in `auth.py`. How to fix Cross-site Request Forgery (CSRF)? Upgrade `zenml` to version 0.73.0 or higher.	[,0.73.0)
M Incorrect Authorization zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Incorrect Authorization due to improper RBAC enforcement. How to fix Incorrect Authorization? Upgrade `zenml` to version 0.72.0 or higher.	[,0.72.0)
L Insufficient Session Expiration zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Insufficient Session Expiration due to the improper session management mechanism. An attacker can maintain unauthorized access and perform actions as a legitimate user by reusing old session credentials or session IDs after a password change. The vulnerability arises when sessions do not expire immediately after a password change, allowing the session to remain active and usable in another browser without requiring re-authentication. How to fix Insufficient Session Expiration? There is no fixed version for `zenml`.	[0.56.3,)