Описание
MLflow Cross-Site Request Forgery (CSRF) vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user.
Пакеты
Наименование
mlflow
pip
Затронутые версииВерсия исправления
>= 2.17.0, < 2.20.3
2.20.3
Связанные уязвимости
CVSS3: 7.1
nvd
11 месяцев назад
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user.