0.71.0
4 years ago
13 days ago
Known vulnerabilities in the zenml package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the How to fix Allocation of Resources Without Limits or Throttling? Upgrade | [,0.57.0rc2) |
zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the How to fix Cross-site Scripting (XSS)? Upgrade | [,0.58.0) |
zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') due to improper handling of line feed ( How to fix Uncontrolled Resource Consumption ('Resource Exhaustion')? Upgrade | [,0.57.1) |
zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Improper Authentication. An attacker with access to an active user session can change the account password without needing to know the current password, leading to unauthorized account takeover by bypassing the standard password change verification process. How to fix Improper Authentication? Upgrade | [,0.56.3) |
zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Improper Authorization through the API PUT /api/v1/users/id endpoint. An authenticated attacker can modify the information of other users, including deactivating their accounts, by manipulating the How to fix Improper Authorization? Upgrade | [,0.56.2) |
zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the Notes:
How to fix Cross-site Scripting (XSS)? Upgrade | [,0.56.2) |
zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Race Condition due to the insufficient handling of concurrent user creation requests. An attacker can create multiple users with the same username and potentially disrupt the authentication process by sending parallel requests. How to fix Race Condition? Upgrade | [,0.55.5) |
zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames due to the application's failure to set appropriate How to fix Improper Restriction of Rendered UI Layers or Frames? Upgrade | [,0.56.3) |
zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Path Traversal due to insufficient validation of user-supplied input in the How to fix Path Traversal? Upgrade | [,0.55.5) |
zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Session Fixation due to the JWT tokens not being changed every time the user logs out and back in. An attacker can bypass authentication to access the victim's account without knowing the victim's password. How to fix Session Fixation? Upgrade | [,0.56.2) |
zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type via the How to fix Unrestricted Upload of File with Dangerous Type? Upgrade | [,0.55.5) |
zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Improper Authentication via the How to fix Improper Authentication? Upgrade | [,0.42.2)[0.43.0,0.43.1)[0.44.0,0.44.4)[0.46.0,0.47.0) |