MLflow 安全漏洞

MLflow is an open-source platform that simplifies machine learning development. It includes features like tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Versions of mlflow prior to 3.9.0 contain security vulnerabilities. These vulnerabilities stem fr...

Cross-site Scripting (XSS)

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsafe parsing of YAML-based MLmodel...

MLflow 信息泄露漏洞

MLFlow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code for reproducible runs, and sharing and deploying models. However, MLFlow has a vulnerability related to information leakage. This vulnerability stems from...

MLflow 安全漏洞

MLflow is an open source platform from MLflow that simplifies machine learning development, including tracking experiments, packaging code into repeatable runs, and sharing and deploying models. MLflow suffers from a security vulnerability that stems from weak password requirements that could lea...

MLflow 路径遍历漏洞

MLflow is an open source platform from MLflow that simplifies machine learning development, including tracking experiments, packaging code into repeatable runs, and sharing and deploying models. MLflow suffers from a path traversal vulnerability that stems from improper handling of model file...

EUVD-2024-2125

Malicious code in bioql PyPI...

EUVD-2024-2030

Malicious code in bioql PyPI...

EUVD-2024-2203

Malicious code in bioql PyPI...

EUVD-2024-2029

Malicious code in bioql PyPI...

EUVD-2023-0160

Malicious code in bioql PyPI...

EUVD-2024-2055

Malicious code in bioql PyPI...

EUVD-2024-1907

Malicious code in bioql PyPI...

EUVD-2024-2087

Malicious code in bioql PyPI...

CVE-2023-30172

A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter...

Cross-site Request Forgery (CSRF)

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF through the Signup feature. An...

CVE-2024-37057

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user’s system when interacted with...

BIT-MLFLOW-2024-37061

Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run...

MLFlow improper input validation

Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run due to unfiltered input...

MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with...

CVE-2024-37059

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with...