5 matches found
CVE-2024-37055 vulnerabilities
Vulnerabilities for packages: mlflow...
CVE-2024-37055
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted with...
CVE-2024-37055
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted with...
CVE-2024-37055
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted with...
CVE-2024-37055
CVE-2024-37055 involves the MLflow platform (v1.24.0+). The issue is a deserialization of untrusted data in the pmdarima model handling, specifically in the _load_model path of mlflow's pmdarima/init .py, which can allow code execution on an end user’s system when a malicious PyFunc model is inte...