6 matches found
a2 (>=0.1.0 <=0.3.17), abadpour (>=6.13.1 <=7.24.1) +946 more potentially affected by CVE-2024-37059 via mlflow (>=0.8.2 <=3.4.0)
mlflow PYPI version =0.8.2, =0.1.0, =6.13.1, =9.273.1, =1.1.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.0.5, =1.0.0, =0.1.0, =1.1.1 - ai-helpers-pytorch-utils =0.1.0a1 - ailine-core =0.5.5 and more Source cves: CVE-2024-37059 Source advisory: OSV:GHSA-WF7F-8FXF-XFXC...
CVE-2024-37059 vulnerabilities
Vulnerabilities for packages: mlflow...
CVE-2024-37059
Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with...
CVE-2024-37059
Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with...
CVE-2024-37059
MLflow contains a deserialization vulnerability affecting versions 0.5.0 and later in the PyTorch integration (mlflow/pytorch/init .py _load_model), where untrusted model data can trigger arbitrary code execution when a PyFunc model is loaded. Reports from Veracode describe attacker-controlled pi...
CVE-2024-37059
Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with...