Lucene search
K

5 matches found

Wolfi
Wolfi
added 2024/06/04 12:15 p.m.21 views

CVE-2024-37055 vulnerabilities

Vulnerabilities for packages: mlflow...

8.8CVSS7.2AI score0.00618EPSS
Exploits1
OSV
OSV
added 2024/06/04 12:15 p.m.4 views

CVE-2024-37055

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS7.5AI score0.00618EPSS
Exploits1References1
NVD
NVD
added 2024/06/04 12:15 p.m.22 views

CVE-2024-37055

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/06/04 12:0 p.m.18 views

CVE-2024-37055

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
CVE
CVE
added 2024/06/04 12:0 p.m.30 views

CVE-2024-37055

CVE-2024-37055 involves the MLflow platform (v1.24.0+). The issue is a deserialization of untrusted data in the pmdarima model handling, specifically in the _load_model path of mlflow's pmdarima/init .py, which can allow code execution on an end user’s system when a malicious PyFunc model is inte...

8.8CVSS7.6AI score0.00618EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder