Lucene search
+L

5 matches found

NVD
NVD
added 2024/06/04 12:15 p.m.31 views

CVE-2024-37053

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
Wolfi
Wolfi
added 2024/06/04 12:15 p.m.21 views

CVE-2024-37053 vulnerabilities

Vulnerabilities for packages: mlflow...

8.8CVSS7.2AI score0.00618EPSS
Exploits1
CVE
CVE
added 2024/06/04 12:0 p.m.34 views

CVE-2024-37053

CVE-2024-37053 applies to MLflow platforms 1.1.0 and newer, where deserialization of untrusted data (a maliciously uploaded scikit-learn model) can cause arbitrary code execution when interacted with. Affected component is the MLflow model loading path (e.g., _load_model_from_local_file). Root ca...

8.8CVSS7.6AI score0.00618EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/06/04 12:0 p.m.40 views

CVE-2024-37053

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/06/04 12:0 p.m.22 views

CVE-2024-37053

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
Rows per page
Query Builder