High severityNVD Advisory· Published Mar 20, 2025· Updated Jul 15, 2025
Denial of Service (DoS) via Multipart Boundary in zenml-io/zenml
CVE-2024-9340
Description
A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipart boundaries. This flaw in the multipart request boundary processing mechanism leads to an infinite loop, resulting in a complete denial of service for all users. Affected endpoints include /api/v1/login and /api/v1/device_authorization.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
zenmlPyPI | < 0.68.0 | 0.68.0 |
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-6gmf-2369-c76cghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-9340ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2025-57.yamlghsaWEB
- github.com/zenml-io/zenml/commit/cba152eb9ca3071c8372b0b91c02d9d3351de48dghsaWEB
- huntr.com/bounties/c9200654-7dc0-4c1d-8573-ab79a87fb4f6ghsaWEB
News mentions
0No linked articles in our index yet.