Lfprojects: >> Mlflow >> 2.5.0 Security Vulnerabilities
An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.
CVSS Score
9.1
EPSS Score
0.009
Published
2023-11-16
MLflow allowed arbitrary files to be PUT onto the server.
CVSS Score
10.0
EPSS Score
0.008
Published
2023-11-16
OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-08-01
Page 5