3 matches found
CVE-2024-3099
A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service DoS as an authenticated user might not be able to use the intended model, as it will open a different model each time...
CVE-2024-3099 Denial of Service and Data Model Poisoning via URL Encoding in mlflow/mlflow
A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service DoS as an authenticated user might not be able to use the intended model, as it will open a different model each time...
CVE-2024-3099
CVE-2024-3099 affects mlflow/mlflow 2.11.1 and is caused by inadequate validation of model names, allowing URL-encoded names to be treated as distinct from their decoded counterparts. This enables an attacker to create multiple models with the same name, leading to DoS (an authenticated user may ...