Lucene search
K

9 matches found

Veracode
Veracode
added 2024/06/14 5:12 a.m.19 views

Deserialization Of Untrusted Data

mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused by a lack of proper validation of untrusted data in the loadmodel function within the pmdarima/init.py file, allowing an attacker to execute arbitrary code by injecting a malicious pickle object into a PyFunc...

8.8CVSS7.9AI score0.00618EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/06/08 7:26 a.m.16 views

BIT-MLFLOW-2024-37054

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.7AI score0.00703EPSS
Exploits5References2
Veracode
Veracode
added 2024/06/07 6:8 a.m.26 views

Deserialization Of Untrusted Data

mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused due to inadequate input validation in the loadmodel function within mlflow/pytorch/init.py. This allows an attacker to execute arbitrary code on the victim's system by injecting a malicious pickle object into a...

8.8CVSS8.9AI score0.00618EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/06/04 12:31 p.m.9 views

GHSA-GHV6-9R9J-WH4J MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS7.4AI score0.00703EPSS
Exploits5References3
Github Security Blog
Github Security Blog
added 2024/06/04 12:31 p.m.29 views

MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00703EPSS
Exploits5References3Affected Software1
OSV
OSV
added 2024/06/04 12:15 p.m.2 views

CVE-2024-37054

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS6AI score0.00703EPSS
Exploits5References1
NVD
NVD
added 2024/06/04 12:15 p.m.44 views

CVE-2024-37054

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00703EPSS
Exploits5References1
Vulnrichment
Vulnrichment
added 2024/06/04 12:0 p.m.16 views

CVE-2024-37054

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00703EPSS
Exploits5References1
Positive Technologies
Positive Technologies
added 2024/06/04 12:0 a.m.8 views

PT-2024-27269

Name of the Vulnerable Software and Affected Versions MLflow platform versions 0.9.0 and newer Description The issue allows deserialization of untrusted data, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user's system when interacted with. Recommendations For MLflo...

8.8CVSS7.5AI score0.00703EPSS
Exploits5References11
Rows per page
Query Builder