Medium

zenml

Denial of Service via Component Name Injection

A Denial of Service (DoS) vulnerability was identified in ZenML version 0.56.3, allowing low-privileged users to disrupt the functionality of the ZenML Dashboard by injecting a newline character (`\n`) into component names through the API. This vulnerability was patched in version 0.57.1.

Available publicly on Jun 24 2024

4.3

CVSS:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Credit:

sev-hack
Threat Overview

The vulnerability arises from the improper handling of newline characters in component names. When a component is added through the ZenML Dashboard's API without proper escaping of special characters, the newline character can be injected into the component name. This injection disrupts the display and functionality of the ZenML Dashboard, particularly affecting the ability to add new components or register new stacks through the UI. The issue is exacerbated by the fact that it can be exploited by users with low privileges, making it a significant threat to the integrity and availability of the ZenML service.

Attack Scenario

An attacker, logged in as a low-privileged user, intercepts their own request to add a new component via the ZenML Dashboard's API. They modify the request to include a newline character in the component name. This malformed component name, when processed by the backend, leads to a partial DoS condition where certain functionalities of the ZenML Dashboard become unusable for other users, including the inability to add new components or register new stacks through the UI.

Who is affected

All users of the ZenML Dashboard version 0.56.3 are affected by this vulnerability, especially in environments where multiple users, including those with low privileges, can add components. The vulnerability directly impacts the usability of the ZenML Dashboard, hindering users' ability to add new components or register new stacks through the UI.

Technical Report
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have - related security advisories that are available with Sightline Premium.