Deserialization Of Untrusted Data
mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused by a lack of validation in the loadfrompickle function in the mlflow/langchain/utils.py file, allowing an attacker to execute arbitrary code on the victim's system through a malicious Langchain AgentExecutor...