Vulnerability Information
Vulnerability Title
Clickjacking Vulnerability in zenml-io/zenml
Vulnerability Description
A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious page, potentially leading to unauthorized actions by tricking users into interacting with the interface under the attacker's control. The issue was addressed in version 0.56.3.
CVSS Information
N/A
Vulnerability Type
Improper Restriction of Rendered UI Layers or Frames
Vulnerability Title
ZenML Security Vulnerability
Vulnerability Description
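ZenML is an extensible open-source MLOps framework for creating portable, production-ready machine learning pipelines. ZenML contains a security vulnerability that stems from the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers, which may lead to clickjacking.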
CVSS Information
N/A
Vulnerability Type
N/A