Vulnerability Description
A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The vulnerability affects version 0.55.3 and was fixed in version 0.56.2. The impact of exploiting this vulnerability could lead to user account compromise.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zenml | Zenml | < 0.56.2 |
Related Weaknesses (CWE)
References
- https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945Patch
- https://huntr.com/bounties/cee06a28-7e3b-460b-b504-69add838ebe8ExploitIssue TrackingPatch
- https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945Patch
- https://huntr.com/bounties/cee06a28-7e3b-460b-b504-69add838ebe8ExploitIssue TrackingPatch
FAQ
What is CVE-2024-2171?
CVE-2024-2171 is a vulnerability with a CVSS score of 4.8 (MEDIUM). A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacke...
How severe is CVE-2024-2171?
CVE-2024-2171 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-2171?
Check the references section above for vendor advisories and patch information. Affected products include: Zenml Zenml.