Description

A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipart boundaries. This flaw in the multipart request boundary processing mechanism leads to an infinite loop, resulting in a complete denial of service for all users. Affected endpoints include `/api/v1/login` and `/api/v1/device_authorization`.

INFO

Published Date :

2025-03-20T10:08:50.533Z

Last Modified :

2025-07-15T10:48:56.065Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-9340 vulnerability.

Vendors Products
Zenml
  • Zenml
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-9340.

URL Resource
https://github.com/zenml-io/zenml/commit/cba152eb9ca3071c8372b0b91c02d9d3351de48d cve-icon cve-icon
https://huntr.com/bounties/c9200654-7dc0-4c1d-8573-ab79a87fb4f6 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact