Lfprojects: >> Mlflow >> 2.16.1 Security Vulnerabilities
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-06-04
An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.
CVSS Score
9.1
EPSS Score
0.007
Published
2023-11-16
Page 2