Lucene search

11 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-57559

Malicious code in bioql PyPI...

CVSS 6.4 | AI score 6.4 | EPSS 0.00127
Exploits 0 | References 2
RedHat Linux
added 2025/09/17 7:43 p.m. | 3 views

Moderate: Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift 2.17.2-1 Update

Custom Metrics Autoscaler Operator for Red Hat OpenShift updates. The following updates for the Custom Metric Autoscaler operator for Red Hat OpenShift are now available: custom-metrics-autoscaler-adapter-container custom-metrics-autoscaler-admission-webhooks-container...

CVSS 9.1 | AI score 6.7 | EPSS 0.00294
Exploits 0 | References 7
Github Security Blog
added 2025/03/20 12:32 p.m. | 16 views

MLflow Uncontrolled Resource Consumption vulnerability

In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to...

CVSS 7.5 | AI score 6.7 | EPSS 0.00324
Exploits 1 | References 3 | Affected Software 1
NVD
added 2025/03/20 10:15 a.m. | 20 views

CVE-2025-0453

In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to...

CVSS 7.5 | EPSS 0.00324
Exploits 1 | References 1
Cvelist
added 2025/03/20 10:11 a.m. | 11 views

CVE-2025-0453 Denial of Service through Batched Queries in GraphQL in mlflow/mlflow

In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to...

CVSS 5.9 | EPSS 0.00324
Exploits 1 | References 1
CNNVD
added 2025/03/20 12:0 a.m. | 2 views

MLflow security vulnerability

MLflow is an open source platform from MLflow that simplifies machine learning development, including tracking experiments, packaging code into repeatable runs, and sharing and deploying models. A security vulnerability exists in MLflow version 2.17.2, which stems from a possible denial-of-servic...

CVSS 7.5 | AI score 5.8 | EPSS 0.00324
Exploits 1 | References 2
OSV
added 2025/02/03 3:15 p.m. | 0 views

CVE-2024-50500

Missing Authorization vulnerability in By Averta Shortcodes and extra features for Phlox theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.2...

CVSS 9.8 | AI score 5.8 | EPSS 0.00053
Exploits 0 | References 1
CNNVD
added 2023/06/01 12:0 a.m. | 3 views

Hawt Hawtio path traversal vulnerability

Hawt Hawtio is a modular web console program for managing Java content. A security vulnerability exists in Hawt Hawtio version 2.17.2 that stems from the presence of a path traversal vulnerability. An attacker can exploit the vulnerability to input a malicious unzipped file, resulting in the file...

CVSS 5.5 | AI score 5.7 | EPSS 0.00294
Exploits 1 | References 2
Positive Technologies
added 2023/06/01 12:0 a.m. | 3 views

PT-2023-24377 · Hawtio · Hawtio

Name of the Vulnerable Software and Affected Versions: hawtio version 2.17.2 Description: The issue allows an attacker to input malicious zip files, which can result in high-risk files after decompression being stored in any location, potentially leading to file overwrite. This is due to a Path...

CVSS 5.5 | AI score 6.7 | EPSS 0.00294
Exploits 1 | References 7
ALT Linux
added 2018/09/27 12:0 a.m. | 36 views

Security fix for the ALT Linux 10 package git version 2.17.2-alt1

Sept. 27, 2018 Dmitry V. Levin 2.17.2-alt1 - 2.17.1 - 2.17.2 fixes: CVE-2018-17456...

CVSS 7.5 | AI score 6.9 | EPSS 0.59226
Exploits 12
Node.js
added 2018/04/20 9:45 p.m. | 28 views

Regular Expression Denial of Service

Overview: Versions of is-my-json-valid before 1.4.1 or 2.17.2 are vulnerable to regular expression denial of service (ReDoS) via the email validation function. Recommendation: Update to version 1.4.1, 2.17.2 or later. References: GitHub PR 159 - GitHub Commit b3051b2 - HackerOne Report - GitHub Advis...

AI score 6.8
Exploits 0 | Affected Software 1