PT-2024-19019 · Zenml · Zenml

Published: 2024-06-06 · Updated: 2024-10-11 · CVE-2024-2171

CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: zenml-io/zenml versions 0.55.3 through 0.55.3

Description: A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the logo url field. By injecting malicious payloads into this field, an attacker could send harmful content to other users who view it, potentially compromising their accounts.

Recommendations: For version 0.55.3, update to version 0.56.2 to resolve the issue. As a temporary workaround, consider restricting access to the logo url field until a patch is available.
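As an added illustration of the mitigation class for this issue (not ZenML's own code), the following Python applies the two defensive layers a stored logo url field needs: a strict input check that only stores absolute http(s) URLs, and attribute escaping when the stored value is rendered. All function and constant names are hypothetical.

```python
"""Defensive handling of a user-supplied logo URL field.

Added illustration for CVE-2024-2171 (stored XSS via a logo url field);
not ZenML's own code. Names are hypothetical.
"""
from html import escape
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
MAX_URL_LENGTH = 2048


def validate_logo_url(value: str) -> str:
    """Return a normalised logo URL or raise ValueError.

    Rejects non-http(s) schemes (javascript:, data:, ...), relative paths,
    embedded control or whitespace characters and over-long inputs, so that
    only a plain absolute web URL ever reaches storage.
    """
    if not isinstance(value, str) or len(value) > MAX_URL_LENGTH:
        raise ValueError("logo url missing or too long")
    candidate = value.strip()
    # Control characters or whitespace inside the URL are a classic way to
    # smuggle a scheme past naive prefix checks, so refuse them outright.
    if any(ord(ch) < 0x20 or ch.isspace() for ch in candidate):
        raise ValueError("logo url contains control or whitespace characters")
    parts = urlsplit(candidate)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        raise ValueError("logo url must be an absolute http(s) URL")
    return candidate


def is_safe_logo_url(value: str) -> bool:
    """Boolean wrapper for callers that only need a verdict."""
    try:
        validate_logo_url(value)
    except ValueError:
        return False
    return True


def render_logo_img(stored_url: str) -> str:
    """Render the stored URL into an <img> tag with attribute escaping.

    Output escaping is the second layer: even if a bad value reached storage,
    quotes and angle brackets cannot break out of the src attribute.
    """
    return '<img src="{}" alt="logo">'.format(escape(stored_url, quote=True))
```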


XSS

Weakness Enumeration

Related Identifiers

CVE-2024-2171
GHSA-VWGF-7F9H-H499
PYSEC-2024-170

Affected Products

Zenml