5 matches found
CVE-2024-37053
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...
CVE-2024-37053 vulnerabilities
Vulnerabilities for packages: mlflow...
CVE-2024-37053
CVE-2024-37053 applies to MLflow platforms 1.1.0 and newer, where deserialization of untrusted data (a maliciously uploaded scikit-learn model) can cause arbitrary code execution when interacted with. Affected component is the MLflow model loading path (e.g., _load_model_from_local_file). Root ca...
CVE-2024-37053
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...
CVE-2024-37053
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...