Description
MLflow unsafe deserialization
Deserialization of untrusted data can occur in MLflow versions 0.5.0 and newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user's system when interacted with.
Packages
Name: mlflow (pip)
Affected versions: >= 0.5.0, <= 3.4.0
Fixed version: None
Related vulnerabilities
CVSS3: 8.8
nvd
more than 1 year ago
Deserialization of untrusted data can occur in MLflow versions 0.5.0 and newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user's system when interacted with.