76 matches found
CVE-2024-37061
MLflow CVE-2024-37061 affects MLflow platforms running version 1.11.0 or newer. A maliciously crafted MLproject can trigger remote code execution on an end user’s system when run. Multiple connected sources corroborate RCE related to MLflow projects input handling, including descriptions and advi...
CVE-2023-1177
CVE-2023-1177 is a path traversal / local-file-inclusion vulnerability in mlflow/mlflow prior to 2.2.1. Affects the MLflow server endpoints handling model-versions and artifacts (e.g., GET /model-versions/get-artifact) where a crafted path can disclose files outside the intended directory. Concre...
CVE-2024-3848
CVE-2024-3848 affects mlflow/mlflow up to version 2.11.0. The path traversal stems from improper handling of the fragment component in artifact URLs, where a ‘#’ can insert a path into the URL fragment and bypass validation, allowing an attacker to read arbitrary files by mapping the URL to a fil...
CVE-2022-0736
CVE-2022-0736 affects mlflow/mlflow prior to 1.23.1, describing an insecure temporary file issue. The root cause is use of the deprecated tempfile.mktemp() pattern in the affected code, with remediation to upgrade to mlflow 1.23.1 or later as indicated by OSV/GHSA entries. The connected sources c...
CVE-2024-37059
MLflow contains a deserialization vulnerability affecting versions 0.5.0 and later in the PyTorch integration (mlflow/pytorch/init .py _load_model), where untrusted model data can trigger arbitrary code execution when a PyFunc model is loaded. Reports from Veracode describe attacker-controlled pi...
CVE-2023-6909
Mlflow up to version 2.9.2 is affected by CVE-2023-6909: a path traversal in the repository mlflow/mlflow allows escaping to read sensitive files via the sequence \..\filename. The vulnerability affects the mlflow/mlflow project prior to 2.9.2 and is classified as CWE-29. Impact in the NVD/NVD-de...
CVE-2024-27132
MLflow suffers from insufficient sanitization of template variables, enabling XSS when loading an untrusted recipe and potentially enabling client-side RCE in Jupyter Notebook. The root cause is lack of input sanitization in rendering templates. Public details about affected versions or patches a...
CVE-2024-27134
CVE-2024-27134 : Multiple connected sources confirm a vulnerability in MLflow’s spark_udf API where excessive directory permissions allow a local attacker to achieve privilege escalation via a ToCToU attack. Affected: MLflow (spark_udf path) with local execution context. Root cause: insufficient ...
CVE-2024-4263
CVE-2024-4263 describes a broken access control in mlflow/mlflow prior to 2.10.1, where users with EDIT permissions on an experiment can delete artifacts they should only be able to read/update. The issue stems from insufficient validation of DELETE requests for artifact deletions, enabling unaut...
CVE-2023-2356
CVE-2023-2356 is a Relative Path Traversal flaw in mlflow/mlflow before 2.3.1. The connected sources (Nuclei template, OSV entries, GHSA advisories) describe a vulnerability allowing traversal to read sensitive server files (LFI) via a crafted path. Affected software: mlflow/mlflow, versions prio...
CVE-2023-3765
MLflow (mlflow/mlflow) prior to version 2.5.0 contains an Absolute Path Traversal vulnerability. The issue arises in an MLflow repository and can lead to unauthorized access to sensitive information stored on the server. According to the connected sources, the affected component is mlflow/mlflow’...
CVE-2023-6568
MLflow XSS (CVE-2023-6568) : A reflected XSS exists in mlflow/mlflow due to how the Content-Type header from POST requests is handled. The vulnerability is in mlflow/server/auth/init .py, where user-supplied Content-Type is directly inserted into a Python-formatted string and returned, allowing a...
CVE-2023-6018
CVE-2023-6018 affects MLflow. An unauthenticated attacker can overwrite any file on the server hosting MLflow, potentially compromising integrity and enabling remote code execution per connected documents. Reported impact emphasizes unauthenticated file writes with high severity (CVSS up to 10.0 ...
CVE-2025-0453
CVE-2025-0453 : In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to denial of service via large batches of queries that repeatedly request all runs from a given experiment, causing uncontrolled resource consumption and making the application unresponsive. The issue is document...
CVE-2024-0520
CVE-2024-0520 affects mlflow/mlflow v8.2.1, enabling remote code execution via command injection in mlflow.data.http_dataset_source.py when loading an HTTP URL dataset. The filename gathered from Content-Disposition or URL path is used to form the final file path without proper sanitization, allo...
CVE-2024-27133
CVE-2024-27133 : Affects MLflow. Insufficient sanitization of dataset table fields in MLflow recipes can cause a client-side XSS, which in turn can lead to a client-side RCE when running the recipe in Jupyter Notebook . Root cause: lack of input sanitization for untrusted datasets in the data tab...
CVE-2023-1176
The CVE affects the open source MLflow project mlflow/mlflow prior to version 2.2.2 (ABSOLUTE PATH TRAVERSAL). Documented in multiple sources, the vulnerability allows an attacker to traverse the filesystem to access arbitrary files on the host via the mlflow server/ui workflow (attack vector: LO...
CVE-2023-6977
CVE-2023-6977 relates to Mlflow prior to 2.8.0 suffering a local file inclusion (path traversal) vulnerability. The Nuclei template specifies that an attacker could read sensitive files on the server and potentially modify data or perform unauthorized admin operations in context of the affected s...
CVE-2024-8859
Mlflow/mlflow 2.15.1 contains a path traversal/local file read vulnerability when using the dbfs service: the URL is interpolated into the file protocol with only the path portion validated, enabling reading arbitrary server files when dbfs is mounted locally. Public sources (Nuclei template, OSV...
CVE-2024-1483
Summary: CVE-2024-1483 is a path traversal vulnerability in mlflow/mlflow 2.9.2 that allows an attacker to access arbitrary server files. The issue stems from insufficient validation of user-supplied input in server handlers, enabling traversal via crafted HTTP POST requests using crafted artifac...
CVE-2023-2780
CVE-2023-2780 affects the open-source project mlflow/mlflow prior to version 2.3.1. A path traversal flaw, described as a Local File Inclusion bypass via the payload "..\filename", can allow an attacker to read local files on the server. The Nuclei/NVD entries consistently reference this vulnerab...
CVE-2025-1474
Summary: CVE-2025-1474 affects mlflow/mlflow 2.18, where an admin can create a new user account without a password, potentially enabling unauthorized access. The issue is fixed in version 2.19.0. Reports across multiple sources (Red Hat, CIRCL, GHSA, osv, NVD, OSV) corroborate the same descriptio...
CVE-2024-1560
CVE-2024-1560 affects mlflow/mlflow prior to 2.9.2, in the artifact deletion path. A double decoding flaw in _delete_artifact_mlflow_artifacts and local_file_uri_to_path, via an extra unquote in delete_artifacts, allows path traversal and deletion of arbitrary server directories. Impact: high, wi...
CVE-2023-6015
CVE-2023-6015 corresponds to MLflow where the server could be subjected to an arbitrary file upload. Multiple connected sources corroborate: the vulnerability is described as allowing arbitrary files to be PUT onto the MLflow server, with various third-party advisories and vulnerability databases...
CVE-2023-30172
CVE-2023-30172 describes a directory traversal in the mlflow platform’s /get-artifact API, allowing an attacker to read arbitrary server files via the path parameter. Affected: mlflow up to v2.0.1. Underlying cause: directory traversal in the get-artifact endpoint. Impact is high on confidentiali...
CVE-2024-1558
CVE-2024-1558 (mlflow/mlflow) describes a path traversal vulnerability in the function _create_model_version() in server/handlers.py due to improper validation of the source parameter. Attackers can bypass the check in _validate_non_local_source_contains_relative_paths(source) and gain arbitrary ...
CVE-2024-1594
CVE-2024-1594 is a path traversal vulnerability in mlflow/mlflow related to handling of artifact_location when creating an experiment. The connected OSV entry states that a fragment component # in the artifact URL can be used to bypass validation and allow reading arbitrary files on the server wi...
CVE-2023-6831
mlflow/mlflow prior to 2.9.2 is exposed to a path traversal in artifact deletion. The root cause is a double decoding path handling: _delete_artifact_mlflow_artifacts and local_file_uri_to_path allow traversal due to an extra unquote operation in delete_artifacts. This can enable deletion of arbi...
CVE-2024-2928
Summary: MLflow
CVE-2024-37054
CVE-2024-37054 affects MLflow and stems from a deserialization issue in mlflow.pyfunc.load_model that processes PyFunc models, allowing a maliciously crafted model to trigger arbitrary code execution when loaded or interacted with. Public details (NVD entry) indicate versions 0.9.0 and newer are ...
CVE-2024-3573
The CVE-2024-3573 entry concerns mlflow/mlflow with a Local File Inclusion (LFI) caused by improper parsing of URIs in the is_local_uri logic. The issue misclassifies URIs with empty or file schemes as non-local, enabling an attacker to craft malicious model versions (source parameter) that bypas...
CVE-2024-1593
This CVE describes a path traversal vulnerability in the mlflow/mlflow repository caused by improper handling of URL parameters. Attackers can smuggle path traversal sequences using the ';' character in URLs to manipulate the 'params' portion and access unauthorized files or directories. The repo...
CVE-2023-6014
CVE-2023-6014 affects MLflow and describes an authentication bypass that lets an attacker arbitrarily create accounts via the MLflow server/UI without credentials. Documentation in connected sources confirms the vulnerability stems from bypassing MLflow’s authentication mechanism (basic auth path...
CVE-2024-37052
The CVE-2024-37052 issue affects MLflow platforms running version 1.1.0 or newer. The root cause is deserialization of untrusted data during model handling, as described by multiple connected sources, including reports that an uploaded scikit-learn model can be crafted to trigger arbitrary code e...
CVE-2026-4035
CVE-2026-4035 affects mlflow/mlflow versions before 3.11.0. The API for AI Gateway secrets allows the api_key field to contain $ENV_VAR references, which are resolved against the MLflow server environment at runtime. Attackers can exfiltrate server-side environment credentials (e.g., AWS_ACCESS_K...
CVE-2023-43472
MLFlow before 2.8.1 is affected by CVE-2023-43472. A remote attacker can disclose sensitive information via a crafted request to the MLFlow REST API. Impact described in sources: access to sensitive information stored in MLFlow. Root cause: issue exists in MLFlow 2.8.1 and earlier as stated in th...
CVE-2023-6940
CVE-2023-6940 is a command-injection vulnerability affecting mlflow where a single user interaction (e.g., loading a malicious config) can lead to full command execution on the host. The publicly documented root cause in at least one source is unsafe YAML/config rendering due to not sandboxing th...
CVE-2025-1473
In MLflow (mlflow/mlflow), a CSRF vulnerability affects versions 2.17.0 to 2.20.1 in the Signup feature, allowing an attacker to create a new account and potentially perform unauthorized actions on behalf of the attacker’s account. The CVE-2025-1473 entry documents the flaw and its impact as Cros...
CVE-2024-3099
CVE-2024-3099 affects mlflow/mlflow 2.11.1 and is caused by inadequate validation of model names, allowing URL-encoded names to be treated as distinct from their decoded counterparts. This enables an attacker to create multiple models with the same name, leading to DoS (an authenticated user may ...
CVE-2023-6974
CVE-2023-6974 is a server-side request forgery (SSRF) affecting MLflow. The connected documents describe an issue where a malicious user can abuse redirects during artifact fetching to access internal HTTP(S) servers and, in the worst case, achieve remote code execution on the victim machine. The...
CVE-2023-4033
CVE-2023-4033 : The connected documents confirm an OS Command Injection vulnerability affecting the project mlflow/mlflow prior to version 2.6.0 . The sources (OSV, GHSA, NVD, and related advisories) consistently describe it as an OS command injection issue in that repository/version range. The d...
CVE-2024-6838
CVE-2024-6838 affects mlflow/mlflow v2.13.2, allowing creation or renaming of an experiment with an unbounded number of integers in the name and no limit on the artifact_location, leading to potential denial of service due to UI unresponsiveness (uncontrolled resource consumption). The vulnerabil...
CVE-2023-6753
CVE-2023-6753 is a path traversal vulnerability in mlflow/mlflow prior to 2.9.2. Affected software: mlflow/mlflow. Root cause: path traversal allowing access to files beyond the intended directory. Impact per CVE metrics: Confidentiality, Integrity, and Availability high. Exploitation details and...
CVE-2023-6709
CVE-2023-6709 affects mlflow/mlflow up to version 2.9.1 (prior to 2.9.2). The issue is improper neutralization of special elements used in a template engine (Jinja2), enabling template injection with potential arbitrary code execution. Affected component: mlflow/mlflow templates; root cause: inse...
CVE-2023-6975
CVE-2023-6975 is described in the connected data as a path traversal vulnerability related to MLflow (BIT-MLFLOW-2023-6975 / GHSA ...), potentially allowing command execution and access to data and models. The supplied documents do not provide explicit affected versions or remediation details; no...
CVE-2026-0596
The CWE/CVE describes a command-injection in mlflow/mlflow when serving a model with enable_mlserver=True. The vulnerability occurs because model_uri is embedded directly into a shell command executed via bash -c without sanitization, allowing shell metacharacters (e.g., $(), backticks) to enable...
CVE-2024-37056
CVE-2024-37056 affects the MLflow platform (versions 1.23.0 and newer) and involves unsafe deserialization of untrusted data. According to the sources, uploading a LightGBM scikit-learn model can be deserialized when run or loaded, enabling arbitrary code execution on the end user’s system. The p...
CVE-2023-6976
CVE-2023-6976 is an Arbitrary File Write issue described across multiple sources (NVD, Red Hat, OSV, Veracode, GitHub advisories) affecting the server process’s ability to write files to arbitrary locations on the remote filesystem. Public descriptions consistently state the vulnerability enables...
CVE-2025-14279
The CVE details a DNS rebinding vulnerability in MLflow up to version 3.4.0 caused by lack of Origin header validation in the MLflow REST server. The issue allows an attacker to bypass Same-Origin Policy and issue unauthorized requests to REST endpoints, enabling querying, updating, and deleting ...
CVE-2025-15379
Summary: CVE-2025-15379 affects MLflow (model serving container initialization). In the function _install_model_dependencies_to_env(), when deploying with env_manager=LOCAL, dependency specs from the model artifact's python_env.yaml are interpolated into a shell command without sanitization, enab...