CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

mlflow PYPI version =1.11.0, =0.1.0, =0.0.5, =0.1.2, =1.0.72, =0.0.1, =1.0.72.1, =1.4.0, =0.2.5, =0.1.3, =3.0.0, =0.1.0, =0.2.0, =0.3.5, =0.3.8 and more Source cves: CVE-2024-37061 Source advisory: OSV:GHSA-PQCV-QW2R-R859...

8.8CVSS7.2AI score0.00884EPSS

Exploits1

vulnersOsv•added 2024/06/04 12:31 p.m.•2 views

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +113 more potentially affected by CVE-2024-37060 via mlflow (>=1.27.0 <=2.14.1)

mlflow PYPI version =1.27.0, =0.1.0, =0.0.5, =1.0.72, =0.0.1, =1.0.72.1, =0.2.5, =0.1.3, =0.1.0, =0.2.0, =0.3.5, =0.8.0, =1.2.0, =1.9.30 and more Source cves: CVE-2024-37060 Source advisory: OSV:GHSA-CV6C-7963-WXCG...

8.8CVSS7.2AI score0.00769EPSS

Exploits1

vulnersOsv•added 2024/06/04 12:31 p.m.•4 views

autorad (=0.2.6), bernn (>=0.1.3 <=0.3.2) +31 more potentially affected by CVE-2024-37057 via mlflow (>=2.0.0rc0 <=2.14.1)

mlflow PYPI version =2.0.0rc0, =0.1.3, =1.2.0, =0.8.0, =0.0.10, =1.0.0, =0.0.1, =0.1.0, =1.10.2, =0.1.2, =1.2.7, =1.6.1, =0.2.9, =0.3.0 - llm-foundry =0.9.0 and more Source cves: CVE-2024-37057 Source advisory: OSV:GHSA-J8MG-PQC5-X9GJ...

8.8CVSS7.2AI score0.00618EPSS

Exploits1

vulnersOsv•added 2024/06/04 12:31 p.m.•0 views

a2 (>=0.1.0 <=0.3.17), abadpour (>=6.13.1 <=7.24.1) +940 more potentially affected by CVE-2024-37059 via mlflow (>=0.8.2 <=3.4.0)

mlflow PYPI version =0.8.2, =0.1.0, =6.13.1, =9.273.1, =1.1.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.0.5, =1.0.0, =0.1.0, =1.1.1 - ai-helpers-pytorch-utils =0.1.0a1 - ailine-core =0.5.5 and more Source cves: CVE-2024-37059 Source advisory: OSV:GHSA-WF7F-8FXF-XFXC...

8.8CVSS7.4AI score0.00618EPSS

Exploits1

Chainguard•added 2024/06/04 12:31 p.m.•35 views

GHSA-PQCV-QW2R-R859 vulnerabilities

Vulnerabilities for packages: mlflow...

7.3AI score

Exploits0

Github Security Blog•added 2024/06/04 12:31 p.m.•17 views

MLFlow improper input validation

Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run due to unfiltered input...

8.8CVSS9.1AI score0.00884EPSS

Exploits1References3Affected Software1

Github Security Blog•added 2024/06/04 12:31 p.m.•17 views

MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded Langchain AgentExecutor model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS

Exploits1References3Affected Software1

Github Security Blog•added 2024/06/04 12:31 p.m.•20 views

MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run...

8.8CVSS8.9AI score0.00769EPSS

Exploits1References3Affected Software1

Github Security Blog•added 2024/06/04 12:31 p.m.•29 views

MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS

Exploits1References3Affected Software1

Github Security Blog•added 2024/06/04 12:31 p.m.•26 views

MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS

Exploits1References3Affected Software1