Design/Logic Flaw

Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...

Design/Logic Flaw

Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables...

CVE-2024-27133 Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset.

Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...

CVE-2024-27133 Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset.

Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...

CVE-2024-27133

CVE-2024-27133 : Affects MLflow. Insufficient sanitization of dataset table fields in MLflow recipes can cause a client-side XSS, which in turn can lead to a client-side RCE when running the recipe in Jupyter Notebook . Root cause: lack of input sanitization for untrusted datasets in the data tab...

CVE-2024-27132 Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.

Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables...

CVE-2024-27132

MLflow suffers from insufficient sanitization of template variables, enabling XSS when loading an untrusted recipe and potentially enabling client-side RCE in Jupyter Notebook. The root cause is lack of input sanitization in rendering templates. Public details about affected versions or patches a...

CVE-2024-27132 Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.

Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables...

Mlflow Cross-Site Scripting Vulnerability

Mlflow is an open source platform for machine learning lifecycle. Mlflow suffers from a cross-site scripting vulnerability that stems from a lack of cleanup of dataset table fields, leading to cross-site scripting...

PT-2024-21666 · Mlflow · Mlflow

The issue is with MLflow, which has a problem with insufficient sanitization, leading to XSS when running a recipe that uses an untrusted dataset. This can further result in a client-side RCE when the recipe is run in Jupyter Notebook. The affected software is MLflow, and the issue arises from a...

Mlflow Cross-Site Scripting Vulnerability

Mlflow is an open source platform for machine learning lifecycles. Mlflow suffers from a cross-site scripting vulnerability that stems from a lack of cleanup of template variables, leading to cross-site scripting...

PT-2024-4085 · Unknown +1 · Jupyter Notebook +1

Name of the Vulnerable Software and Affected Versions: MLflow versions prior to 2.4.1 Description: The issue stems from insufficient sanitization in MLflow, leading to cross-site scripting XSS when running an untrusted recipe. This can be escalated to a client-side remote code execution RCE when...

PT-2024-15633 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: mlflow/mlflow version 8.2.1 mlflow/mlflow versions prior to 2.9.0 Description: A vulnerability in mlflow/mlflow allows for remote code execution due to improper neutralization of special elements used in an OS command within the...

Path Traversal

mlfow is vulnerable to Path Traversal . The vulnerability is caused due to a lack of appropriate uri validation within uri.py. The attacker can read sensitive files on the mlflow server by exploiting this vulnerability...

Path Traversal

mlflow is vulnerable to Path Traversal. The vulnerability is caused due to an inappropriate handling of path validation in ftp artifact repository, located within ftpartifactrepo.py. This allows an attacker to perform remote code execution and retrieve data & model information...

Arbitrary File Write

mlflow is vulnerable to Arbitrary File Write. The vulnerability is caused to an inappropriate path validation in the validatepathissafe function. This allows an attacker to arbitrarily write files to the mlflow serve...

Server Side Request Forgery (SSRF)

mlflow is vulnerable to Server Side Request Forgery SSRF. The vulnerability is caused by following redirects while fetching HTTP artifact contents within the model-versions/get-artifact endpoint. A malicious user can exploit this to access internal HTTPs servers and in the worst case achieve remo...

Server Side Template Injection (SSTI)

mlflow is vulnerable to Server-side Template Injection SSTI. The vulnerability is due to not using the sandboxed jinja2 loader while merging and rendering profile/recipe configuration yaml files in the renderandmergeyamlfunction within mlflow/utils/fileutils.py. If a user loads a malicious recipe...

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +340 more potentially affected by CVE-2023-6974 via mlflow (>=0.8.2 <=2.9.1)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-6974 Source advisory: OSV:GHSA-59V3-898R-QWHJ...

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +340 more potentially affected by CVE-2023-6975 via mlflow (>=0.8.2 <=2.9.1)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-6975 Source advisory: OSV:GHSA-HH8P-P8MP-GQHM...