Lucene search
+L

7 matches found

Circl
Circl
added 2025/02/06 2:39 a.m.7 views

CVE-2024-37056

creationtimestamp| type| source ---|---|--- 2025-02-06 02:39:17+00:00| seen| Telegram/GUBRSLALG7pp9aFIcqtnw-oyTlJeDGIM4pYyRgktzZqTfT9...

8.8CVSS4.8AI score0.00618EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/06/04 12:31 p.m.4 views

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +131 more potentially affected by CVE-2024-37056 via mlflow (>=1.23.0 <=2.14.1)

mlflow PYPI version =1.23.0, =0.1.0, =0.0.5, =0.1.2, =1.0.72, =0.0.1, =1.0.72.1, =0.2.5, =0.1.3, =0.1.0, =0.3.5, =0.8.0, =1.2.0, =1.9.30 - cortic =0.1.0 and more Source cves: CVE-2024-37056 Source advisory: OSV:GHSA-7P8J-QV6X-F4G4...

8.8CVSS7.2AI score0.00618EPSS
Exploits1
NVD
NVD
added 2024/06/04 12:15 p.m.25 views

CVE-2024-37056

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
Wolfi
Wolfi
added 2024/06/04 12:15 p.m.17 views

CVE-2024-37056 vulnerabilities

Vulnerabilities for packages: mlflow...

8.8CVSS7.2AI score0.00618EPSS
Exploits1
CVE
CVE
added 2024/06/04 12:1 p.m.45 views

CVE-2024-37056

CVE-2024-37056 affects the MLflow platform (versions 1.23.0 and newer) and involves unsafe deserialization of untrusted data. According to the sources, uploading a LightGBM scikit-learn model can be deserialized when run or loaded, enabling arbitrary code execution on the end user’s system. The p...

8.8CVSS7.6AI score0.00618EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/04 12:1 p.m.24 views

CVE-2024-37056

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/06/04 12:1 p.m.28 views

CVE-2024-37056

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
Rows per page
Query Builder