3 matches found
BIT-MLFLOW-2025-15379 Command Injection in mlflow/mlflow
A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the installmodeldependenciestoenv function. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and...
CVE-2025-15379
Summary: CVE-2025-15379 affects MLflow (model serving container initialization). In the function _install_model_dependencies_to_env(), when deploying with env_manager=LOCAL, dependency specs from the model artifact's python_env.yaml are interpolated into a shell command without sanitization, enab...
PT-2026-28801
Name of the Vulnerable Software and Affected Versions MLflow versions 3.8.0 through 3.8.1 Description A command injection issue exists in MLflow’s model serving container initialization code, specifically within the install model dependencies to env function. When deploying a model with env...