1255 matches found
CVE-2024-27132
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables...
PYSEC-2024-240
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook.The vulnerability stems from lack of sanitization over template variables...
CVE-2024-27132
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables...
PYSEC-2024-241
Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...
CVE-2024-27133
Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...
PYSEC-2024-240
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables...
Design/Logic Flaw
Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...
Design/Logic Flaw
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables...
CVE-2024-27133
CVE-2024-27133 : Affects MLflow. Insufficient sanitization of dataset table fields in MLflow recipes can cause a client-side XSS, which in turn can lead to a client-side RCE when running the recipe in Jupyter Notebook . Root cause: lack of input sanitization for untrusted datasets in the data tab...
CVE-2024-27133 Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset.
Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...
CVE-2024-27133 Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset.
Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...
CVE-2024-27132
MLflow suffers from insufficient sanitization of template variables, enabling XSS when loading an untrusted recipe and potentially enabling client-side RCE in Jupyter Notebook. The root cause is lack of input sanitization in rendering templates. Public details about affected versions or patches a...
CVE-2024-27132 Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables...
CVE-2024-27132 Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables...
PT-2024-4085 · Unknown +1 · Jupyter Notebook +1
Name of the Vulnerable Software and Affected Versions: MLflow versions prior to 2.4.1 Description: The issue stems from insufficient sanitization in MLflow, leading to cross-site scripting XSS when running an untrusted recipe. This can be escalated to a client-side remote code execution RCE when...
PT-2024-21666 · Mlflow · Mlflow
The issue is with MLflow, which has a problem with insufficient sanitization, leading to XSS when running a recipe that uses an untrusted dataset. This can further result in a client-side RCE when the recipe is run in Jupyter Notebook. The affected software is MLflow, and the issue arises from a...
Ubuntu 'command-not-found' Tool Could Trick Users into Installing Rogue Packages
Cybersecurity researchers have found that it's possible for threat actors to exploit a well-known utility called command-not-found to recommend their own rogue packages and compromise systems running Ubuntu operating system. "While 'command-not-found' serves as a convenient tool for suggesting...
[SECURITY] Fedora 39 Update: jupyterlab-4.0.11-1.fc39
JupyterLab is the next-generation user interface for Project Jupyter offering all the familiar building blocks of the classic Jupyter Notebook notebook, terminal, text editor, file browser, rich outputs, etc. in a flexible and powerful user interface...
[SECURITY] Fedora 39 Update: python-notebook-7.0.7-1.fc39
The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...
Fedora 39 : jupyterlab / python-notebook (2024-1673c2696e)
The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-1673c2696e advisory. Update of jupyterlab and notebook including fix for CVE-2024-22420 . Tenable has extracted the preceding description block directly from the Fedora...