Home > Vulnerability Database > CVE-2024-9340

Mend.io Vulnerability Database

CVE-2024-9340

Good to know:

Date: March 20, 2025

A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipart boundaries. This flaw in the multipart request boundary processing mechanism leads to an infinite loop, resulting in a complete denial of service for all users. Affected endpoints include "/api/v1/login" and "/api/v1/device_authorization".

Severity Score

7.5

Related Resources (6)

Url: https://huntr.com/bounties/c9200654-7dc0-4c1d-8573-ab79a87fb4f6

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-9340

Url: https://github.com/zenml-io/zenml/commit/cba152eb9ca3071c8372b0b91c02d9d3351de48d

Url: https://github.com/zenml-io/zenml

Url: https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2025-57.yaml

Url: https://www.mend.io/vulnerability-database/CVE-2024-9340

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

Top Fix

Upgrade Version

Upgrade to version zenml - 0.68.0;zenml - 0.68.0;https://github.com/zenml-io/zenml.git - 0.68.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-9340

Good to know:

Date: March 20, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?