Lfprojects

Mlflow

54 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-2928

Exploit
  • EPSS 90.8%
  • Veröffentlicht 06.06.2024 19:15:55
  • Zuletzt bearbeitet 21.11.2024 09:10:51

A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory tr...

8.8

CVE-2024-0520

Exploit
  • EPSS 4.88%
  • Veröffentlicht 06.06.2024 19:15:51
  • Zuletzt bearbeitet 15.10.2025 13:15:33

A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. Specifically, when ...

8.8

CVE-2024-37061

Exploit
  • EPSS 7.36%
  • Veröffentlicht 04.06.2024 12:15:12
  • Zuletzt bearbeitet 03.02.2025 14:48:37

Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run.

8.8

CVE-2024-37058

Exploit
  • EPSS 0.52%
  • Veröffentlicht 04.06.2024 12:15:12
  • Zuletzt bearbeitet 03.02.2025 14:46:16

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded Langchain AgentExecutor model to run arbitrary code on an end user’s system when interacted with.

8.8

CVE-2024-37059

Exploit
  • EPSS 0.57%
  • Veröffentlicht 04.06.2024 12:15:12
  • Zuletzt bearbeitet 03.02.2025 14:46:23

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with.

8.8

CVE-2024-37060

Exploit
  • EPSS 0.39%
  • Veröffentlicht 04.06.2024 12:15:12
  • Zuletzt bearbeitet 03.02.2025 14:46:31

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run.

8.8

CVE-2024-37057

Exploit
  • EPSS 0.52%
  • Veröffentlicht 04.06.2024 12:15:11
  • Zuletzt bearbeitet 03.02.2025 14:45:23

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user’s system when interacted with.

8.8

CVE-2024-37056

Exploit
  • EPSS 0.52%
  • Veröffentlicht 04.06.2024 12:15:11
  • Zuletzt bearbeitet 03.02.2025 14:45:07

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with.

8.8

CVE-2024-37055

Exploit
  • EPSS 0.52%
  • Veröffentlicht 04.06.2024 12:15:11
  • Zuletzt bearbeitet 03.02.2025 14:44:39

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted with.

8.8

CVE-2024-37054

Exploit
  • EPSS 0.21%
  • Veröffentlicht 04.06.2024 12:15:11
  • Zuletzt bearbeitet 03.02.2025 14:40:37

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with.