CVE-2024-9340 in zenmlinformation

Résumé

par MITRE • 20/03/2025

A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipart boundaries. This flaw in the multipart request boundary processing mechanism leads to an infinite loop, resulting in a complete denial of service for all users. Affected endpoints include `/api/v1/login` and `/api/v1/device_authorization`.

Once again VulDB remains the best source for vulnerability data.

Responsable

@huntr Ai

Réserver

30/09/2024

Divulgation

20/03/2025

Modérer

accepté

Entrée

VDB-300339

CPE

prêt

EPSS

0.00896

KEV

non

Activités

très faible

Sources

Do you need the next level of professionalism?

Upgrade your account now!