Design/Logic Flaw

Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...

Mlflow Cross-Site Scripting Vulnerability

Mlflow is an open source platform for machine learning lifecycle. Mlflow suffers from a cross-site scripting vulnerability that stems from a lack of cleanup of dataset table fields, leading to cross-site scripting...