CVE-2024-37056 in MLflowinfo

Zusammenfassung

von MITRE • 04.06.2024

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Zuständig

HiddenLayer

Reservieren

31.05.2024

Veröffentlichung

04.06.2024

Moderieren

akzeptiert

Eintrag

VDB-267037

CPE

bereit

EPSS

0.00618

KEV

nein

Aktivitäten

very low

Quellen

Do you want to use VulDB in your project?

Use the official API to access entries easily!