CVE-2024-37056 in MLflow
Zusammenfassung
von MITRE • 04.06.2024
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.