926 matches found
CVE-2024-27133 Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset.
Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...
PT-2024-21666 · Mlflow · Mlflow
MLflow performs insufficient sanitization, leading to XSS when running a recipe that uses an untrusted dataset. This can further result in a client-side RCE when the recipe is run in Jupyter Notebook. The affected software is MLflow, and the issue arises from a...
Mlflow Cross-Site Scripting Vulnerability
Mlflow is an open source platform for the machine learning lifecycle. Mlflow suffers from a cross-site scripting vulnerability that stems from a lack of sanitization of dataset table fields, leading to cross-site scripting...
GHSA-M95H-P4GG-WFW3 Allegro AI ClearML path traversal vulnerability
A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with...
CVE-2024-24591
A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with...
Path traversal
A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with...
PT-2024-20473 · Allegro Ai · Clearml
Name of the Vulnerable Software and Affected Versions: Allegro AI's ClearML platform versions 1.4.0 through 1.14.1. Description: A path traversal vulnerability in the client SDK of Allegro AI's ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary...
PT-2024-15633 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: mlflow/mlflow version 8.2.1; mlflow/mlflow versions prior to 2.9.0. Description: A vulnerability in mlflow/mlflow allows for remote code execution due to improper neutralization of special elements used in an OS command within the...
[SECURITY] Fedora 38 Update: redis-7.0.15-1.fc38
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
CVE-2024-0650
A vulnerability was found in Project Worlds Visitor Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file dataset.php of the component URL Handler. The manipulation of the argument name with the input "alert'torada' leads to cross site scripting...
Fedora: Security Advisory (FEDORA-2024-6ef42a28c9)
The remote host is missing an update for the ... (Copyright 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders.)
PT-2024-15717 · Unknown · Projectworlds Visitor Management System
Name of the Vulnerable Software and Affected Versions: Project Worlds Visitor Management System version 1.0. Description: A vulnerability was found in the Project Worlds Visitor Management System. It has been classified as problematic and affects an unknown function of the file dataset.php of the...
GHSA-7FGC-89CX-W8J5 Out of memory error when submitting the dataset form with a specially-crafted field
Impact When submitting a POST request to the /dataset/new endpoint including either the auth cookie or the Authorization header with a specially-crafted field, an attacker can create an out-of-memory error in the hosting server. To trigger this error the user needs to have permissions to create o...
CVE-2023-50248 CKAN out of memory error when submitting the dataset form with a specially-crafted field
CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, when submitting a POST request to the /dataset/new endpoint including either the auth cookie or the Authorization header with a specially-craft...
PT-2023-31506 · Ckan · Ckan
Name of the Vulnerable Software and Affected Versions: CKAN versions 2.0.0 through 2.9.9; CKAN versions 2.10.0 through 2.10.2. Description: CKAN is an open-source data management system for powering data hubs and data portals. When submitting a POST request to the "/dataset/new" endpoint including...