Deserialization Of Untrusted Data
MLflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper handling of untrusted data in the _load_model_from_local_file function within sklearn/__init__.py. It allows an attacker to inject a malicious pickle object into a model file on upload, which...
Deserialization Of Untrusted Data
MLflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to unsafe handling of user-supplied data in the _load_model_from_local_file function within sklearn/__init__.py, which allows an attacker to inject a malicious pickle object into a model file on upload; the object will then be...
CVE-2024-5206 Sensitive Data Leakage in sklearn.feature_extraction.text.TfidfVectorizer in scikit-learn/scikit-learn
A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the stopwords...
How to Develop Machine Learning Skills for Every Employee in Your Company
Everyone loves Artificial Intelligence (AI) and Data Science (DS), and that is probably not going to change for the next decade or so. Even so, most people only have a general idea of what data science is and what machine learning or AI algorithms can do. This is quite normal and a common phenomenon for...
CVE-2020-13092
CVE-2020-13092 affects scikit-learn (sklearn) up to version 0.23.0. The issue arises when untrusted data is deserialized via joblib.load() and the underlying __reduce__ path triggers an os.system call, allowing command execution. Multiple connected sources (including NVD/OSV entries and related advis...