CVE-2025-0453

Опубликовано: 20 мар. 2025

Источник: nvd

CVSS3: 5.9

CVSS3: 7.5

EPSS Низкий

Описание

In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to respond to other requests. This vulnerability is due to uncontrolled resource consumption.

Ссылки

https://huntr.com/bounties/788327ec-714a-4d5c-83aa-8df04dd7612b
Exploit
Third Party Advisory
https://huntr.com/bounties/788327ec-714a-4d5c-83aa-8df04dd7612b
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lfprojects:mlflow:2.17.2:*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00136

Низкий

5.9 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-410

NVD-CWE-noinfo

Связанные уязвимости

GHSA-49m6-vrr9-2cqm

CVSS3: 5.9

github

11 месяцев назад

MLflow Uncontrolled Resource Consumption vulnerability

EPSS

Процентиль: 34%

0.00136

Низкий

5.9 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-410

NVD-CWE-noinfo