{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4460", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-05-03T07:02:30.582Z", "datePublished": "2024-06-24T06:58:10.591Z", "dateUpdated": "2024-07-02T19:45:51.676Z"}, "containers": {"cna": {"title": "DoS Vulnerability in zenml-io/zenml", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-24T06:58:10.591Z"}, "descriptions": [{"lang": "en", "value": "A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed (`\\n`) characters in component names. When a low-privileged user adds a component through the API endpoint `api/v1/workspaces/default/components` with a name containing a `\\n` character, it leads to uncontrolled resource consumption. This vulnerability results in the inability of users to add new components in certain categories (e.g., 'Image Builder') and to register new stacks through the UI, thereby degrading the user experience and potentially rendering the ZenML Dashboard unusable. The issue does not affect component addition through the Web UI, as `\\n` characters are properly escaped in that context. The vulnerability was tested on ZenML running in Docker, and it was observed in both Firefox and Chrome browsers."}], "affected": [{"vendor": "zenml-io", "product": "zenml-io/zenml", "versions": [{"version": "unspecified", "lessThan": "0.57.1", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/a387c935-b970-44d7-bddc-71c1c90aa2de"}, {"url": "https://github.com/zenml-io/zenml/commit/164cc09032060bbfc17e9dbd62c13efd5ff5771b"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-400 Uncontrolled Resource Consumption", "cweId": "CWE-400"}]}], "source": {"advisory": "a387c935-b970-44d7-bddc-71c1c90aa2de", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "zenmlio", "product": "zenml", "cpes": ["cpe:2.3:a:zenmlio:zenml:0.56.3:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0.56.3", "status": "affected", "lessThanOrEqual": "0.57.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T19:37:20.445235Z", "id": "CVE-2024-4460", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T19:45:51.676Z"}}]}}

{"descriptions": [{"lang": "en", "value": "A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed (`\\n`) characters in component names. When a low-privileged user adds a component through the API endpoint `api/v1/workspaces/default/components` with a name containing a `\\n` character, it leads to uncontrolled resource consumption. This vulnerability results in the inability of users to add new components in certain categories (e.g., 'Image Builder') and to register new stacks through the UI, thereby degrading the user experience and potentially rendering the ZenML Dashboard unusable. The issue does not affect component addition through the Web UI, as `\\n` characters are properly escaped in that context. The vulnerability was tested on ZenML running in Docker, and it was observed in both Firefox and Chrome browsers."}, {"lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en zenml-io/zenml versi\u00f3n 0.56.3 debido al manejo inadecuado de los caracteres de avance de l\u00ednea (`\\n`) en los nombres de los componentes. Cuando un usuario con pocos privilegios agrega un componente a trav\u00e9s del endpoint API `api/v1/workspaces/default/components` con un nombre que contiene un car\u00e1cter `\\n`, genera un consumo incontrolado de recursos. Esta vulnerabilidad da como resultado la incapacidad de los usuarios para agregar nuevos componentes en ciertas categor\u00edas (por ejemplo, 'Creador de im\u00e1genes') y registrar nuevas pilas a trav\u00e9s de la interfaz de usuario, lo que degrada la experiencia del usuario y potencialmente inutiliza el panel ZenML. El problema no afecta la adici\u00f3n de componentes a trav\u00e9s de la interfaz de usuario web, ya que los caracteres `\\n` se escapan correctamente en ese contexto. La vulnerabilidad se prob\u00f3 en ZenML ejecut\u00e1ndose en Docker y se observ\u00f3 en los navegadores Firefox y Chrome."}], "id": "CVE-2024-4460", "lastModified": "2024-06-24T12:57:36.513", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2024-06-24T07:15:15.400", "references": [{"source": "security@huntr.dev", "url": "https://github.com/zenml-io/zenml/commit/164cc09032060bbfc17e9dbd62c13efd5ff5771b"}, {"source": "security@huntr.dev", "url": "https://huntr.com/bounties/a387c935-b970-44d7-bddc-71c1c90aa2de"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "security@huntr.dev", "type": "Primary"}]}

{}