2.19.0
6 years ago
10 days ago
Known vulnerabilities in the mlflow package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the Note: If you are not running MLflow on a publicly accessible server, this vulnerability won't apply to you. How to fix Deserialization of Untrusted Data? There is no fixed version for | [1.27.0,) |
mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the How to fix Deserialization of Untrusted Data? There is no fixed version for | [0.5.0,) |
mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection') via the How to fix Improper Control of Generation of Code ('Code Injection')? There is no fixed version for | [1.11.0,) |
mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the How to fix Deserialization of Untrusted Data? There is no fixed version for | [2.5.0,) |
mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the How to fix Deserialization of Untrusted Data? There is no fixed version for | [2.0.0rc0,) |
mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the How to fix Deserialization of Untrusted Data? There is no fixed version for | [1.23.0,) |
mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the How to fix Deserialization of Untrusted Data? There is no fixed version for | [1.24.0,) |
mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the How to fix Deserialization of Untrusted Data? There is no fixed version for | [1.1.0,) |
mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the How to fix Deserialization of Untrusted Data? There is no fixed version for | [0.9.0,) |
mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Path Traversal due to improper sanitization of user-supplied paths in the artifact deletion functionality. An attacker can delete arbitrary directories on the server's filesystem by exploiting the double decoding process in the How to fix Path Traversal? There is no fixed version for | [0,) |