Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2025/03/22 1:25 p.m.11 views

CVE-2025-0453

In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to...

7.5CVSS7.1AI score0.00517EPSS
Exploits1References1
vulnersosv
vulnersosv
added 2025/03/20 12:32 p.m.5 views

abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +675 more potentially affected by CVE-2025-0453 via mlflow (>=3.0.0rc2 <=3.1.0rc0)

mlflow PYPI version =3.0.0rc2, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =0.20.9, =0.21.11 and more Source cves: CVE-2025-0453 Source advisory: SNYK:PYTHON-MLFLOW-9510841...

7.5CVSS6.5AI score0.00517EPSS
Exploits1
vulnrichment
vulnrichment
added 2025/03/20 10:11 a.m.11 views

CVE-2025-0453 Denial of Service through Batched Queries in GraphQL in mlflow/mlflow

In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to...

5.9CVSS5.7AI score0.00517EPSS
Exploits1References1
osv
osv
added 2025/03/20 10:11 a.m.9 views

CVE-2025-0453 Denial of Service through Batched Queries in GraphQL in mlflow/mlflow

In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to...

5.9CVSS6.6AI score0.00517EPSS
Exploits1References3
Rows per page
Query Builder