mlflow@2.13.0 vulnerabilities

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Weak Password Requirements due to allowing password strings shorter than 12 characters. An attacker can gain unauthorized access by supplying weak credentials that bypass standard security checks.

Upgrade mlflow to version 2.22.0rc0 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via insufficient validation of the gateway_path parameter in the gateway_proxy_handler process. An attacker can interact with unintended internal resources by supplying crafted input to bypass access controls.

Upgrade mlflow to version 3.0.0 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Missing Input Length Validation in the experiment_name - passed to the run_name() function - and artifact_location parameters. An attacker can cause the UI panel to become unresponsive by passing in an experiment name including a large number of integers.

Upgrade mlflow to version 2.21.0 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in handlers.py, which is exploitable over the /graphql endpoint. An attacker can occupy all available workers and make the server unresponsive to other connections by sending large batches of GraphQL queries that repeatedly request all runs from a given experiment and stay in a pending state. Experiments configured to have a large number of runs are vulnerable.

Upgrade mlflow to version 3.1.1 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Weak Password Requirements due to the lack of enforcement on password creation during new user account setup. An attacker can gain unauthorized access to the system by exploiting accounts created without passwords.

Upgrade mlflow to version 2.19.0rc0 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the Signup feature. An attacker can create a new account, which may be used to perform unauthorized actions on behalf of the malicious user.

Note:

If targeting the attack at an administrative user, the attacker can create a new user that will have access to sensitive data & functionality within MLflow.

Upgrade mlflow to version 2.20.2 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Relative Path Traversal in the _validate_non_local_source_contains_relative_paths() function. An application is vulnerable when the dbfs service is configured and mounted to a local directory rather than Databricks. An attacker can read arbitrary files by manipulating the URL used in the file: protocol, which fails to properly sanitize input beyond the path, such as query and parameters.

Upgrade mlflow to version 2.17.0rc0 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition due to excessive directory permissions when the spark_udf() MLflow API is called. An attacker can gain elevated permissions by exploiting this vulnerability.

Upgrade mlflow to version 2.16.0 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Arbitrary Code Injection due to the autologin method that allows injection of the MLflow callback into the user's callback list. This can lead to failures of predict_stream, ainvoke, astream, and abatch calls when configurations are specified.

Upgrade mlflow to version 2.15.0 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the load function in the BaseCard class within the recipes/cards/__init__.py file. An attacker can execute arbitrary code on the target system by creating an MLProject Recipe containing a malicious pickle file (e.g. pickle.pkl) and a python script that calls BaseCard.load(pickle.pkl). The pickle file will be deserialized when the project is run.

Note:

If you are not running MLflow on a publicly accessible server, this vulnerability won't apply to you.

There is no fixed version for mlflow.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the _load_model function in the mlflow/pytorch/__init__.py file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded.

There is no fixed version for mlflow.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection') via the _run_entry_point function in the projects/backend/local.py file. An attacker can execute arbitrary code on the victim's system by submitting a maliciously crafted MLproject file.

There is no fixed version for mlflow.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the _load_from_pickle function in the mlflow/langchain/utils.py file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded.

There is no fixed version for mlflow.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the _load_custom_objects function in the mlflow/tensorflow/__init__.py file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded.

There is no fixed version for mlflow.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the _load_model function in the mlflow/lightgbm/__init__.py file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded.

There is no fixed version for mlflow.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the _load_model function in the pmdarima/__init__.py file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded.

There is no fixed version for mlflow.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the _load_model_from_local_file function in the sklearn/__init__.py file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model, which will then be deserialized when the model is loaded.

There is no fixed version for mlflow.