Lucene search
HistoryFeb 23, 2024 - 10:15 p.m.
CVE-2024-27132
mlflow
xss
rce
jupyter notebook
sanitization
template variables
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0
Percentile
9.0%
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.
This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook.
The vulnerability stems from lack of sanitization over template variables.
Related
github
github
Cross-site Scripting in MLFlow
2024-02-24 00:30:20
prion
prion
Design/Logic Flaw
2024-02-23 22:15:00
osv
osv
Cross-site Scripting in MLFlow
2024-02-24 00:30:20
BIT-mlflow-2024-27132
2024-03-31 18:21:50
veracode
veracode
Cross Site Scripting (XSS)
2024-02-26 09:25:48
cvelist
cvelist
cve
cve
CVE-2024-27132
2024-02-23 22:15:55
vulnrichment
vulnrichment
thn
thn
Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps Platforms
2024-08-26 10:31:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0
Percentile
9.0%
Related for NVD:CVE-2024-27132