1231 matches found
CVE-2024-37058 vulnerabilities
Vulnerabilities for packages: mlflow...
CVE-2024-37059 vulnerabilities
Vulnerabilities for packages: mlflow...
CVE-2024-37060 vulnerabilities
Vulnerabilities for packages: mlflow...
CVE-2024-37058
Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded Langchain AgentExecutor model to run arbitrary code on an end user’s system when interacted with...
CVE-2024-37060
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run...
CVE-2024-37061
Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run...
CVE-2024-37059
Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with...
CVE-2024-37061 vulnerabilities
Vulnerabilities for packages: mlflow...
CVE-2024-37061 vulnerabilities
Vulnerabilities for packages: mlflow...
CVE-2024-37059
Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with...
CVE-2024-37058
Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded Langchain AgentExecutor model to run arbitrary code on an end user’s system when interacted with...
CVE-2024-37060
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run...
CVE-2024-37061
Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run...
CVE-2024-37055 vulnerabilities
Vulnerabilities for packages: mlflow...
CVE-2024-37054 vulnerabilities
Vulnerabilities for packages: mlflow...
CVE-2024-37056 vulnerabilities
Vulnerabilities for packages: mlflow...
CVE-2024-37057 vulnerabilities
Vulnerabilities for packages: mlflow...
CVE-2024-37055
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted with...
CVE-2024-37057
Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user’s system when interacted with...
CVE-2024-37056
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with...