mlflow 3.5.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the mlflow package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Deserialization of Untrusted Data mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the `load` function in the `BaseCard` class within the `recipes/cards/__init__.py` file. An attacker can execute arbitrary code on the target system by creating an MLProject Recipe containing a malicious pickle file (e.g. `pickle.pkl`) and a python script that calls `BaseCard.load(pickle.pkl)`. The pickle file will be deserialized when the project is run. Note: If you are not running MLflow on a publicly accessible server, this vulnerability won't apply to you. How to fix Deserialization of Untrusted Data? There is no fixed version for `mlflow`.	[1.27.0,)
H Deserialization of Untrusted Data mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the `_load_model` function in the `mlflow/pytorch/__init__.py` file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded. How to fix Deserialization of Untrusted Data? There is no fixed version for `mlflow`.	[0.5.0,)
H Improper Control of Generation of Code ('Code Injection') mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection') via the `_run_entry_point` function in the `projects/backend/local.py` file. An attacker can execute arbitrary code on the victim's system by submitting a maliciously crafted MLproject file. How to fix Improper Control of Generation of Code ('Code Injection')? There is no fixed version for `mlflow`.	[1.11.0,)
H Deserialization of Untrusted Data mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the `_load_from_pickle` function in the `mlflow/langchain/utils.py` file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded. How to fix Deserialization of Untrusted Data? There is no fixed version for `mlflow`.	[2.5.0,)
H Deserialization of Untrusted Data mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the `_load_custom_objects` function in the `mlflow/tensorflow/__init__.py` file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded. How to fix Deserialization of Untrusted Data? There is no fixed version for `mlflow`.	[2.0.0rc0,)
H Deserialization of Untrusted Data mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the `_load_model` function in the `mlflow/lightgbm/__init__.py` file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded. How to fix Deserialization of Untrusted Data? There is no fixed version for `mlflow`.	[1.23.0,)
H Deserialization of Untrusted Data mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the `_load_model` function in the `pmdarima/__init__.py` file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded. How to fix Deserialization of Untrusted Data? There is no fixed version for `mlflow`.	[1.24.0,)
H Deserialization of Untrusted Data mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the `_load_model_from_local_file` function in the `sklearn/__init__.py` file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model, which will then be deserialized when the model is loaded. How to fix Deserialization of Untrusted Data? There is no fixed version for `mlflow`.	[1.1.0,)
H Deserialization of Untrusted Data mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the `_load_pyfunc` function in the `mlflow/pyfunc/model.py` file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded. How to fix Deserialization of Untrusted Data? There is no fixed version for `mlflow`.	[0.9.0,)

Vulnerability

Vulnerable Version

Deserialization of Untrusted Data

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the load function in the BaseCard class within the recipes/cards/__init__.py file. An attacker can execute arbitrary code on the target system by creating an MLProject Recipe containing a malicious pickle file (e.g. pickle.pkl) and a python script that calls BaseCard.load(pickle.pkl). The pickle file will be deserialized when the project is run.

Note:

If you are not running MLflow on a publicly accessible server, this vulnerability won't apply to you.

How to fix Deserialization of Untrusted Data?

There is no fixed version for mlflow.

[1.27.0,)

Deserialization of Untrusted Data

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the _load_model function in the mlflow/pytorch/__init__.py file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded.

How to fix Deserialization of Untrusted Data?

There is no fixed version for mlflow.

[0.5.0,)

Improper Control of Generation of Code ('Code Injection')

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection') via the _run_entry_point function in the projects/backend/local.py file. An attacker can execute arbitrary code on the victim's system by submitting a maliciously crafted MLproject file.

How to fix Improper Control of Generation of Code ('Code Injection')?

There is no fixed version for mlflow.

[1.11.0,)

Deserialization of Untrusted Data

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the _load_from_pickle function in the mlflow/langchain/utils.py file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded.

How to fix Deserialization of Untrusted Data?

There is no fixed version for mlflow.

[2.5.0,)

Deserialization of Untrusted Data

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the _load_custom_objects function in the mlflow/tensorflow/__init__.py file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded.

How to fix Deserialization of Untrusted Data?

There is no fixed version for mlflow.

[2.0.0rc0,)

Deserialization of Untrusted Data

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the _load_model function in the mlflow/lightgbm/__init__.py file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded.

How to fix Deserialization of Untrusted Data?

There is no fixed version for mlflow.

[1.23.0,)

Deserialization of Untrusted Data

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the _load_model function in the pmdarima/__init__.py file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded.

How to fix Deserialization of Untrusted Data?

There is no fixed version for mlflow.

[1.24.0,)

Deserialization of Untrusted Data

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the _load_model_from_local_file function in the sklearn/__init__.py file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model, which will then be deserialized when the model is loaded.

How to fix Deserialization of Untrusted Data?

There is no fixed version for mlflow.

[1.1.0,)

Deserialization of Untrusted Data

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the _load_pyfunc function in the mlflow/pyfunc/model.py file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded.

How to fix Deserialization of Untrusted Data?

There is no fixed version for mlflow.

[0.9.0,)

mlflow@3.5.0 vulnerabilities

MLflow is an open source platform for the complete machine learning lifecycle

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically