A vulnerability classified as critical has been found in zenml-io ZenML up to 0.55.4. Affected is an unknown function of the file /api/v1/steps of the component Endpoint. The manipulation leads to path traversal: '\..\filename'.
This vulnerability is traded as CVE-2024-2083. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.