Lucene search
K

9 matches found

Chainguard
Chainguard
added 2025/10/16 7:17 a.m.5 views

GHSA-G7F3-828F-7H7M vulnerabilities

Vulnerabilities for packages: mlflow...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/06/25 12:53 a.m.6 views

CVE-2025-52967

gatewayproxyhandler in MLflow before 3.1.0 lacks gatewaypath validation...

5.8CVSS7.2AI score0.0037EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:48 a.m.4 views

CVE-2023-6831

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...

8.1CVSS6.7AI score0.0329EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.15 views

MLflow Uncontrolled Resource Consumption vulnerability

In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of...

5.3CVSS6.7AI score0.00615EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2025/03/20 10:11 a.m.102 views

CVE-2025-0453

CVE-2025-0453 : In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to denial of service via large batches of queries that repeatedly request all runs from a given experiment, causing uncontrolled resource consumption and making the application unresponsive. The issue is document...

7.5CVSS5.7AI score0.00517EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.4 views

CVE-2025-1473 CSRF in mlflow/mlflow

A Cross-Site Request Forgery CSRF vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user...

5.4CVSS5.5AI score0.00202EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.9 views

CVE-2024-6838 Uncontrolled Resource Consumption in mlflow/mlflow

In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of...

5.3CVSS5.2AI score0.00615EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:9 a.m.7 views

CVE-2024-6838 Uncontrolled Resource Consumption in mlflow/mlflow

In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of...

5.3CVSS6.5AI score0.00615EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/07/18 12:0 a.m.2 views

PT-2023-3707 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: MLflow versions prior to 2.5.0 Description: The issue exists due to incorrect restriction of the path name to a directory with limited access in the validate path is safe function of the MLflow platform. This can allow a remote attacker to...

10CVSS9.2AI score0.70736EPSS
Exploits1References19
Rows per page
Query Builder