3 matches found
CVE-2024-0520
CVE-2024-0520 affects mlflow/mlflow v8.2.1, enabling remote code execution via command injection in mlflow.data.http_dataset_source.py when loading an HTTP URL dataset. The filename gathered from Content-Disposition or URL path is used to form the final file path without proper sanitization, allo...
CVE-2024-0520 Remote Code Execution due to Full Controlled File Write in mlflow/mlflow
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command 'Command Injection' within the mlflow.data.httpdatasetsource.py module. Specifically, when loading a dataset from a source URL with an HTTP...
CVE-2024-0520 Remote Code Execution due to Full Controlled File Write in mlflow/mlflow
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command 'Command Injection' within the mlflow.data.httpdatasetsource.py module. Specifically, when loading a dataset from a source URL with an HTTP...