3 matches found
CVE-2024-27132
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables...
PYSEC-2024-240
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook.The vulnerability stems from lack of sanitization over template variables...
PT-2024-4085 · Unknown +1 · Jupyter Notebook +1
Name of the Vulnerable Software and Affected Versions: MLflow versions prior to 2.4.1 Description: The issue stems from insufficient sanitization in MLflow, leading to cross-site scripting XSS when running an untrusted recipe. This can be escalated to a client-side remote code execution RCE when...