Lucene search
K

43 matches found

OSV
OSV
added 2024/06/04 12:15 p.m.2 views

CVE-2024-37061

Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run...

8.8CVSS6.2AI score0.00884EPSS
Exploits1References1
NVD
NVD
added 2024/06/04 12:15 p.m.32 views

CVE-2024-37057

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
NVD
NVD
added 2024/06/04 12:15 p.m.43 views

CVE-2024-37054

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00697EPSS
Exploits5References1
NVD
NVD
added 2024/06/04 12:15 p.m.30 views

CVE-2024-37052

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
NVD
NVD
added 2024/06/04 12:15 p.m.31 views

CVE-2024-37053

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/06/04 12:2 p.m.20 views

CVE-2024-37061

Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run...

8.8CVSS9.1AI score0.00884EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/06/04 12:2 p.m.32 views

CVE-2024-37060

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run...

8.8CVSS8.9AI score0.00769EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/06/04 12:1 p.m.31 views

CVE-2024-37059

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/06/04 12:1 p.m.31 views

CVE-2024-37058

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded Langchain AgentExecutor model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/06/04 12:1 p.m.20 views

CVE-2024-37058

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded Langchain AgentExecutor model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/06/04 12:1 p.m.14 views

CVE-2024-37057

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS7.2AI score0.00618EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/06/04 12:1 p.m.24 views

CVE-2024-37056

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/06/04 12:0 p.m.17 views

CVE-2024-37055

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/06/04 12:0 p.m.16 views

CVE-2024-37054

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00697EPSS
Exploits5References1
Vulnrichment
Vulnrichment
added 2024/06/04 12:0 p.m.22 views

CVE-2024-37053

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/06/04 12:0 a.m.8 views

PT-2024-27269

Name of the Vulnerable Software and Affected Versions MLflow platform versions 0.9.0 and newer Description The issue allows deserialization of untrusted data, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user's system when interacted with. Recommendations For MLflo...

8.8CVSS7.5AI score0.00697EPSS
Exploits5References11
OSV
OSV
added 2024/03/06 10:58 a.m.14 views

BIT-MLFLOW-2023-30172

A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter...

7.5CVSS7.4AI score0.00996EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/05/11 3:30 a.m.40 views

mflow vulnerable to directory traversal

A directory traversal vulnerability in the /get-artifact API method of the mlflow platform prior to v2.0.0 allows attackers to read arbitrary files on the server via the path parameter...

7.5CVSS6.4AI score0.00996EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2023/05/11 2:15 a.m.33 views

CVE-2023-30172

A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter...

7.5CVSS7.5AI score0.00996EPSS
Exploits0References2
Prion
Prion
added 2023/05/11 2:15 a.m.15 views

Directory traversal

A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter...

5CVSS7.4AI score0.00996EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder