4 matches found
Cross-Site Request Forgery (CSRF)
mlflow is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to lack of proper protection mechanisms in the Signup feature, allowing an attacker to craft malicious requests to create an account and perform unauthorized actions...
Cross-site Request Forgery (CSRF)
Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF through the Signup feature. An...
PT-2025-7512 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: mlflow/mlflow versions 2.17.0 through 2.20.1 Description: A Cross-Site Request Forgery CSRF issue exists in the Signup feature. This allows an attacker to create a new account, which can be used to perform unauthorized actions on behalf of th...
Liberapay: Liberapay Non Verified Account Takeover with signup feature
Hi, So i saw a strange behaviour of your web on signup feature when that can be escalated to Account Takeover but for limited timeline, Issue: When a New user signup for an account on https://en.liberapay.com/ he have to enter his email address only and it doesn't say anything about sending a...