Lucene search

19 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-6960

Malicious code in bioql PyPI...

5.3 CVSS · 5.4 AI score · 0.00552 EPSS
Exploits: 1 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-1239

Malicious code in bioql PyPI...

7.5 CVSS · 7.4 AI score · 0.00205 EPSS
Exploits: 1 · References: 4

OSV
added 2025/04/02 7:17 a.m. · 6 views

BIT-MLFLOW-2024-6838 Uncontrolled Resource Consumption in mlflow/mlflow

In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of...

5.3 CVSS · 5.1 AI score · 0.00552 EPSS
Exploits: 1 · References: 2

RedhatCVE
added 2025/03/22 12:56 p.m. · 10 views

CVE-2024-6838

In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of...

5.3 CVSS · 6.8 AI score · 0.00552 EPSS
Exploits: 1 · References: 1

Snyk
added 2025/03/20 12:32 p.m. · 2 views

Missing Input Length Validation

Overview: mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Missing Input Length Validation in the experimentname - passed to...

6.9 CVSS · 7.1 AI score · 0.00552 EPSS
Exploits: 1 · References: 3

Github Security Blog
added 2025/03/20 12:32 p.m. · 13 views

MLflow Uncontrolled Resource Consumption vulnerability

In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of...

5.3 CVSS · 6.7 AI score · 0.00552 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

NVD
added 2025/03/20 10:15 a.m. · 8 views

CVE-2024-6838

In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of...

5.3 CVSS · 0.00552 EPSS
Exploits: 1 · References: 1

CVE
added 2025/03/20 10:9 a.m. · 52 views

CVE-2024-6838

CVE-2024-6838 affects mlflow/mlflow v2.13.2, allowing creation or renaming of an experiment with an unbounded number of integers in the name and no limit on the artifact_location, leading to potential denial of service due to UI unresponsiveness (uncontrolled resource consumption). The vulnerabil...

5.3 CVSS · 5.3 AI score · 0.00552 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2025/03/20 12:0 a.m. · 4 views

PT-2025-12167 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: mlflow/mlflow version v2.13.2 Description: A potential denial of service issue exists due to the lack of a limit on the experiment name, allowing the creation or renaming of an experiment with a large number of integers in its name. This can...

5.3 CVSS · 5.1 AI score · 0.00552 EPSS
Exploits: 1 · References: 7

RedhatCVE
added 2025/02/05 5:36 a.m. · 5 views

CVE-2024-1594

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifact_location parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...

7.5 CVSS · 7.3 AI score · 0.85715 EPSS
Exploits: 2 · References: 1

OSV
added 2025/02/04 7:21 a.m. · 9 views

BIT-MLFLOW-2024-1594 Local File Read via Path Traversal in mlflow/mlflow

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifact_location parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...

7.5 CVSS · 7.1 AI score · 0.00205 EPSS
Exploits: 1 · References: 2

OSV
added 2024/04/16 12:30 a.m. · 2 views

GHSA-M49C-5C52-6696 mlflow vulnerable to Path Traversal

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifact_location parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...

7.5 CVSS · 6 AI score · 0.00205 EPSS
Exploits: 1 · References: 4

Github Security Blog
added 2024/04/16 12:30 a.m. · 42 views

mlflow vulnerable to Path Traversal

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifact_location parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...

7.5 CVSS · 7.3 AI score · 0.00205 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2024/04/16 12:15 a.m. · 4 views

CVE-2024-1594

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifact_location parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...

7.5 CVSS · 7.3 AI score
Exploits: 0 · References: 1

Cvelist
added 2024/04/16 12:0 a.m. · 18 views

CVE-2024-1483 Path Traversal Vulnerability in mlflow/mlflow

A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifact_location' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...

7.5 CVSS · 7.6 AI score · 0.73937 EPSS
Exploits: 1 · References: 1

CVE
added 2024/04/16 12:0 a.m. · 74 views

CVE-2024-1594

CVE-2024-1594 is a path traversal vulnerability in mlflow/mlflow related to handling of artifact_location when creating an experiment. The connected OSV entry states that a fragment component # in the artifact URL can be used to bypass validation and allow reading arbitrary files on the server wi...

7.5 CVSS · 6.2 AI score · 0.00205 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2024/04/16 12:0 a.m. · 18 views

CVE-2024-1594 Local File Read via Path Traversal in mlflow/mlflow

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifact_location parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...

7.5 CVSS · 7.4 AI score · 0.00205 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2024/04/15 12:0 a.m. · 4 views

PT-2024-18084 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: mlflow/mlflow version 2.9.2 Description: A path traversal vulnerability exists, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted artifact location and source...

7.5 CVSS · 7.6 AI score · 0.73937 EPSS
Exploits: 1 · References: 10

Positive Technologies
added 2024/04/15 12:0 a.m. · 3 views

PT-2024-18157 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: mlflow/mlflow affected versions not specified Description: A path traversal issue exists in the handling of the artifact location parameter when creating an experiment. Attackers can exploit this by using a fragment component in the artifact...

7.5 CVSS · 7.6 AI score · 0.00205 EPSS
Exploits: 1 · References: 10