MLflow 操作系统命令注入漏洞

MLFlow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code for reproducible executions, and sharing and deploying models. MLFlow has a vulnerability related to operating system command injection. This vulnerability...

PT-2026-29269

Name of the Vulnerable Software and Affected Versions mlflow/mlflow affected versions not specified Description A command injection issue exists in mlflow/mlflow when serving a model with enable mlserver=True. The model uri is directly incorporated into a shell command executed using bash -c...

CVE-2025-15381

A flaw was found in mlflow/mlflow. When the basic-auth application is enabled, tracing and assessment endpoints lack proper permission validation. This allows any authenticated user, even those without specific permissions on an experiment, to read sensitive trace information and create...

CVE-2025-15036

A flaw was found in mlflow. A path traversal vulnerability exists in the extractarchivetodir function, which is responsible for extracting archives. An attacker who can control the input tar.gz file can exploit this vulnerability due to insufficient validation of paths within the archive. This...

EUVD-2025-209121

A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the installmodeldependenciestoenv function. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and...

a2 (>=0.1.0 <=0.3.17), abadpour (>=6.13.1 <=7.24.1) +946 more potentially affected by CVE-2025-15379 via mlflow (>=0.8.2 <=3.6.0rc0)

mlflow PYPI version =0.8.2, =0.1.0, =6.13.1, =9.273.1, =1.1.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.0.5, =1.0.0, =0.1.0, =1.1.1 - ai-helpers-pytorch-utils =0.1.0a1 - ailine-core =0.5.5 and more Source cves: CVE-2025-15379 Source advisory: OSV:GHSA-R23Q-823P-VMF7...

GHSA-R23Q-823P-VMF7 MLflow Command Injection vulnerability

A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the installmodeldependenciestoenv function. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and...

MLflow Command Injection vulnerability

A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the installmodeldependenciestoenv function. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and...

ai-24sea (>=0.1.0 <=1.0.0), api-python-bet-project (>=0.1.9 <=0.1.28) +71 more potentially affected by CVE-2025-15379 via mlflow (>=2.11.0 <=2.22.4)

mlflow PYPI version =2.11.0, =0.1.0, =0.1.9, =0.0.1, =1.0.4, =0.1.3, =1.9.23, =0.1.0, =0.0.10, =1.0.7, =0.1.2370984012, =0.0.41, =1.6.0, =1.8.2 and more Source cves: CVE-2025-15379 Source advisory: SNYK:PYTHON-MLFLOW-15825746...

abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +694 more potentially affected by CVE-2025-15379 via mlflow (>=3.0.0rc2 <=3.6.0rc0)

mlflow PYPI version =3.0.0rc2, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =0.20.9, =0.21.10 and more Source cves: CVE-2025-15379 Source advisory: SNYK:PYTHON-MLFLOW-15825746...

abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +899 more potentially affected by CVE-2025-15379 via mlflow-skinny (>=1.19.0 <=3.9.0rc0)

mlflow-skinny PYPI version =1.19.0, =6.13.1, =9.273.1, =1.1.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.2.1 and more Source cves: CVE-2025-15379 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-15857931...

Arbitrary Command Injection

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Arbitrary Command Injection in the installmodeldependenciestoenv...

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection in the installmodeldependenciestoenv function. An attacker can execute arbitrary commands by supplying a crafted model artifact containing malicious dependency specifications in the pythonenv.yaml file, which...

CVE-2025-15379

A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the installmodeldependenciestoenv function. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and...

CVE-2025-15379

A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the installmodeldependenciestoenv function. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and...

CVE-2025-15379 Command Injection in mlflow/mlflow

A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the installmodeldependenciestoenv function. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and...

CVE-2025-15379

Summary: CVE-2025-15379 affects MLflow (model serving container initialization). In the function _install_model_dependencies_to_env(), when deploying with env_manager=LOCAL, dependency specs from the model artifact's python_env.yaml are interpolated into a shell command without sanitization, enab...

EUVD-2025-209119

A path traversal vulnerability exists in the extractarchivetodir function within the mlflow/pyfunc/dbconnectartifactcache.py file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An...

a2 (>=0.1.0 <=0.3.17), abadpour (>=6.13.1 <=7.24.1) +948 more potentially affected by CVE-2025-15036 via mlflow (>=0.8.2 <=3.9.0)

mlflow PYPI version =0.8.2, =0.1.0, =6.13.1, =9.273.1, =1.1.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.0.5, =1.0.0, =0.1.0, =1.1.1 - ai-helpers-pytorch-utils =0.1.0a1 - ailine-core =0.5.5 and more Source cves: CVE-2025-15036 Source advisory: OSV:GHSA-VHCX-3PQ2-4FVC...

MLFlow path traversal vulnerability

A path traversal vulnerability exists in the extractarchivetodir function within the mlflow/pyfunc/dbconnectartifactcache.py file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An...