ByteOS Network

NVD Vulnerability Details :

CVE-2024-9340

Modified

Source-security@huntr.dev

Published At-20 Mar, 2025 | 10:15

Updated At-15 Jul, 2025 | 11:15

A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipart boundaries. This flaw in the multipart request boundary processing mechanism leads to an infinite loop, resulting in a complete denial of service for all users. Affected endpoints include `/api/v1/login` and `/api/v1/device_authorization`.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.0	7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.0

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CPE Matches

zenml>>zenml>>Versions before 0.68.0(exclusive)

cpe:2.3:a:zenml:zenml:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-835	Primary	security@huntr.dev
CWE-835	Secondary	nvd@nist.gov

CWE ID: CWE-835

Type: Primary

Source: security@huntr.dev

CWE ID: CWE-835

Type: Secondary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://github.com/zenml-io/zenml/commit/cba152eb9ca3071c8372b0b91c02d9d3351de48d	security@huntr.dev	Patch
https://huntr.com/bounties/c9200654-7dc0-4c1d-8573-ab79a87fb4f6	security@huntr.dev	Exploit Third Party Advisory

Hyperlink: https://github.com/zenml-io/zenml/commit/cba152eb9ca3071c8372b0b91c02d9d3351de48d

Source: security@huntr.dev

Resource:

Patch

Hyperlink: https://huntr.com/bounties/c9200654-7dc0-4c1d-8573-ab79a87fb4f6

Source: security@huntr.dev

Resource:

Exploit

Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History