4 matches found
CVE-2025-0453
In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to...
abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +675 more potentially affected by CVE-2025-0453 via mlflow (>=3.0.0rc2 <=3.1.0rc0)
mlflow PYPI version =3.0.0rc2, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =0.20.9, =0.21.11 and more Source cves: CVE-2025-0453 Source advisory: SNYK:PYTHON-MLFLOW-9510841...
CVE-2025-0453 Denial of Service through Batched Queries in GraphQL in mlflow/mlflow
In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to...
CVE-2025-0453 Denial of Service through Batched Queries in GraphQL in mlflow/mlflow
In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to...