Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News
Sign In Sign Up
lfprojects

mlflow

12 Versions 19 CVEs

Versions

2.5.0

SEMANTIC 1 CVE

0

SINGLE_NUMBER 6 CVEs

1.1.0

SEMANTIC 2 CVEs

1.24.0

SEMANTIC 1 CVE

2.11.1

SEMANTIC 1 CVE

1.23.0

SEMANTIC 1 CVE

1.27.0

SEMANTIC 1 CVE

2.11.0

SEMANTIC 1 CVE

2.9.2

SEMANTIC 4 CVEs

2.0.0rc0

RC 1 CVE

0.9.0

SEMANTIC 1 CVE

1.11.0

SEMANTIC 1 CVE

Recent CVEs

CVE-2024-27134

Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the spark_udf() MLflow API is called.

HIGH Nov 25, 2024

CVE-2024-2928

A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system, including sensitive files like '/etc/passwd'. The vulnerability is a bypass to a previous patch that only addressed similar manipulation within the URI's query string, highlighting the need for comprehensive validation of all parts of a URI to prevent LFI attacks.

HIGH Jun 06, 2024

CVE-2024-3573

mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'is_local_uri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the misclassification of URIs as non-local. Attackers can exploit this by crafting malicious model versions with specially crafted 'source' parameters, enabling the reading of sensitive files within at least two directory levels from the server's root.

CRITICAL Apr 16, 2024

CVE-2024-27133

Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields.

HIGH Feb 23, 2024

CVE-2024-27132

Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables.

HIGH Feb 23, 2024

CVE-2023-3765

Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.

CRITICAL Jul 19, 2023