Описание
MLFlow unsafe deserialization
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run.
Пакеты
Наименование
mlflow
pip
Затронутые версииВерсия исправления
>= 1.27.0, <= 2.14.1
Отсутствует
Связанные уязвимости
CVSS3: 8.8
nvd
больше 1 года назад
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run.