Relative Path Traversal Affecting mlflow package, versions [,2.3.1)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-MLFLOW-5496966
- published 4 May 2023
- disclosed 4 May 2023
- credit pakesson-truesec
How to fix?
Upgrade mlflow to version 2.3.1 or higher.
Overview
mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.
Affected versions of this package are vulnerable to Relative Path Traversal due to allowing the ability to provide relative paths in registered model sources.
Note:
This issue only affects users and integrations that run the mlflow server and mlflow ui commands. Integrations that do not make use of mlflow server or mlflow ui are unaffected; for example, the Databricks Managed MLflow product and MLflow on Azure Machine Learning do not make use of these commands and are not impacted by these vulnerabilities in any way.
Workaround
Users who are unable to upgrade to the fixed version should limit who can access MLflow Model Registry and MLflow Tracking servers using a cloud VPC, an IP allowlist for inbound requests, authentication / authorization middleware, or another access restriction mechanism.