7 matches found
a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +164 more potentially affected by CVE-2024-37061 via mlflow (>=1.11.0 <=2.13.1)
mlflow PYPI version =1.11.0, =0.1.0, =0.0.5, =0.1.2, =1.0.72, =0.0.1, =1.0.72.1, =1.4.0, =0.2.5, =0.1.3, =3.0.0, =0.1.0, =0.3.5, =0.8.0, =1.0.0 and more Source cves: CVE-2024-37061 Source advisory: OSV:GHSA-PQCV-QW2R-R859...
CVE-2024-37061
Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run...
CVE-2024-37061
Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run...
CVE-2024-37061 vulnerabilities
Vulnerabilities for packages: mlflow...
CVE-2024-37061
MLflow CVE-2024-37061 affects MLflow platforms running version 1.11.0 or newer. A maliciously crafted MLproject can trigger remote code execution on an end user’s system when run. Multiple connected sources corroborate RCE related to MLflow projects input handling, including descriptions and advi...
CVE-2024-37061
Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run...
CVE-2024-37061
Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run...