9 matches found
GHSA-G7F3-828F-7H7M vulnerabilities
Vulnerabilities for packages: mlflow...
CVE-2025-52967
gatewayproxyhandler in MLflow before 3.1.0 lacks gatewaypath validation...
CVE-2023-6831
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...
MLflow Uncontrolled Resource Consumption vulnerability
In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of...
CVE-2025-0453
CVE-2025-0453 : In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to denial of service via large batches of queries that repeatedly request all runs from a given experiment, causing uncontrolled resource consumption and making the application unresponsive. The issue is document...
CVE-2025-1473 CSRF in mlflow/mlflow
A Cross-Site Request Forgery CSRF vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user...
CVE-2024-6838 Uncontrolled Resource Consumption in mlflow/mlflow
In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of...
CVE-2024-6838 Uncontrolled Resource Consumption in mlflow/mlflow
In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of...
PT-2023-3707 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: MLflow versions prior to 2.5.0 Description: The issue exists due to incorrect restriction of the path name to a directory with limited access in the validate path is safe function of the MLflow platform. This can allow a remote attacker to...