Lucene search
+L

5 matches found

nvd
nvd
added 2024/06/04 12:15 p.m.30 views

CVE-2024-37052

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
wolfi
wolfi
added 2024/06/04 12:15 p.m.35 views

CVE-2024-37052 vulnerabilities

Vulnerabilities for packages: mlflow...

8.8CVSS7.2AI score0.00618EPSS
Exploits1
osv
osv
added 2024/06/04 12:15 p.m.5 views

CVE-2024-37052

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS6AI score0.00618EPSS
Exploits1References1
cve
cve
added 2024/06/04 11:59 a.m.75 views

CVE-2024-37052

The CVE-2024-37052 issue affects MLflow platforms running version 1.1.0 or newer. The root cause is deserialization of untrusted data during model handling, as described by multiple connected sources, including reports that an uploaded scikit-learn model can be crafted to trigger arbitrary code e...

8.8CVSS7.6AI score0.00618EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2024/06/04 11:59 a.m.40 views

CVE-2024-37052

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
Rows per page
Query Builder