Lfprojects

Mlflow

52 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2024-37059

Exploit
  • EPSS 0.42%
  • Published 04.06.2024 12:15:12
  • Last modified 03.02.2025 14:46:23

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with.

8.8

CVE-2024-37058

Exploit
  • EPSS 0.38%
  • Published 04.06.2024 12:15:12
  • Last modified 03.02.2025 14:46:16

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded Langchain AgentExecutor model to run arbitrary code on an end user’s system when interacted with.

8.8

CVE-2024-37060

Exploit
  • EPSS 0.29%
  • Published 04.06.2024 12:15:12
  • Last modified 03.02.2025 14:46:31

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run.

8.8

CVE-2024-37061

Exploit
  • EPSS 5.56%
  • Published 04.06.2024 12:15:12
  • Last modified 03.02.2025 14:48:37

Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run.

8.8

CVE-2024-37057

Exploit
  • EPSS 0.38%
  • Published 04.06.2024 12:15:11
  • Last modified 03.02.2025 14:45:23

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user’s system when interacted with.

8.8

CVE-2024-37056

Exploit
  • EPSS 0.38%
  • Published 04.06.2024 12:15:11
  • Last modified 03.02.2025 14:45:07

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with.

8.8

CVE-2024-37055

Exploit
  • EPSS 0.38%
  • Published 04.06.2024 12:15:11
  • Last modified 03.02.2025 14:44:39

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted with.

8.8

CVE-2024-37054

Exploit
  • EPSS 0.16%
  • Published 04.06.2024 12:15:11
  • Last modified 03.02.2025 14:40:37

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with.

8.8

CVE-2024-37053

Exploit
  • EPSS 0.38%
  • Published 04.06.2024 12:15:10
  • Last modified 03.02.2025 14:35:07

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with.

8.8

CVE-2024-37052

Exploit
  • EPSS 0.42%
  • Published 04.06.2024 12:15:10
  • Last modified 03.02.2025 14:35:02

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with.