4 matches found
a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +112 more potentially affected by CVE-2024-37060 via mlflow (>=1.27.0 <=2.14.1)
mlflow PYPI version =1.27.0, =0.1.0, =0.0.5, =1.0.72, =0.0.1, =1.0.72.1, =0.2.5, =0.1.3, =0.1.0, =0.3.5, =0.8.0, =1.2.0, =1.9.30 - cortic =0.1.0 and more Source cves: CVE-2024-37060 Source advisory: OSV:GHSA-CV6C-7963-WXCG...
CVE-2024-37060 vulnerabilities
Vulnerabilities for packages: mlflow...
CVE-2024-37060
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run...
CVE-2024-37060
The CVE-2024-37060 entry corresponds to a deserialization of untrusted data in MLflow 1.27.0 and newer, allowing a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run. The root cause is described as unsafe pickle deserialization in the Recipe handling path (recip...