Low severity · NVD Advisory · Published Jun 6, 2024 · Updated Aug 9, 2024
Stored XSS in zenml-io/zenml
CVE-2024-2171
Description
A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The vulnerability affects version 0.55.3 and was fixed in version 0.56.2. Successful exploitation could lead to user account compromise.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| zenml (PyPI) | < 0.56.2 | 0.56.2 |
Affected products
- Range: unspecified
References
- github.com/advisories/GHSA-vwgf-7f9h-h499 (source: ghsa, type: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-2171 (source: ghsa, type: ADVISORY)
- github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-170.yaml (source: ghsa, type: WEB)
- github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e (source: ghsa, type: WEB)
- huntr.com/bounties/cee06a28-7e3b-460b-b504-69add838ebe8 (source: ghsa, type: WEB)