All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
A Local File Inclusion vulnerability (LFI, a flaw that lets attackers read files they shouldn't access) was found in MLflow version 2.9.2. The bug exists because the application doesn't properly check the fragment part of web addresses (the section after the '#' symbol) for directory traversal sequences like '../', which allow attackers to navigate folders and read sensitive files like system password files.
Fix: The vulnerability was fixed in version 2.11.3.
NVD/CVE DatabaseMLflow version 8.2.1 has a command injection vulnerability (a flaw where attackers can execute arbitrary commands by inserting malicious code into a system command) in its HTTP dataset loading function. When loading datasets, the software doesn't properly clean up filenames from URLs, allowing attackers to write files anywhere on the system and potentially run harmful commands.
PyTorch Lightning version 2.2.1 has a critical vulnerability where attackers can execute arbitrary code on self-hosted applications by crafting malicious serialized data (deepdiff.Delta objects, which are used to represent changes to data). The vulnerability exists because the application doesn't properly block access to dunder attributes (special Python attributes starting with underscores), allowing attackers to bypass security restrictions and modify the application's state.
Gradio version 4.25 has a local file inclusion vulnerability (a security flaw where attackers can read files they shouldn't access) in its JSON component. The problem occurs because the `postprocess()` function doesn't properly validate user input before parsing it as JSON, and if the JSON contains a `path` key, the system automatically moves that file to a temporary directory where attackers can retrieve it using the `/file=..` endpoint.
EmailGPT has a prompt injection vulnerability (a technique where attackers hide malicious instructions in their input to trick the AI) that allows anyone with access to the service to manipulate it into leaking its internal system prompts or executing unintended commands. Attackers can exploit this by submitting specially crafted requests that trick the service into providing harmful information or performing actions it wasn't designed to do.
A workflow file (a set of automated tasks) in the Gradio project has a security flaw where it runs code from external copies of the repository without proper safety checks, allowing attackers to steal sensitive secrets (like API keys and authentication tokens). This happens because the workflow trusts and executes code from forks (unauthorized copies of the project) in an environment that has access to the main repository's secrets.
CVE-2024-37061 is a remote code execution vulnerability (the ability for an attacker to run commands on someone else's system) in MLflow (a machine learning platform) version 1.11.0 and newer. An attacker can create a malicious MLproject file that executes arbitrary code when a user runs it on their computer.
CVE-2024-37060 is a vulnerability in MLflow (a machine learning platform) version 1.27.0 and newer where deserialization of untrusted data (the process of converting received data back into usable objects without checking if it's safe) can occur. A malicious Recipe (a workflow template in MLflow) could exploit this to execute arbitrary code (run any commands) on a user's computer when the Recipe is run.
CVE-2024-37059 is a vulnerability in MLflow (a platform for managing machine learning workflows) version 0.5.0 and newer where deserialization of untrusted data (converting data from an external format into usable code without verifying it's safe) can occur. An attacker can upload a malicious PyTorch model (a type of machine learning model file) that executes arbitrary code (runs any commands they choose) on a user's computer when the model is opened or used.
CVE-2024-37058 is a vulnerability in MLflow (a platform for managing machine learning workflows) version 2.5.0 and newer that allows deserialization of untrusted data (the process of converting data from storage into usable objects without checking if it's safe). An attacker can upload a malicious Langchain AgentExecutor model (a type of AI component) that runs arbitrary code on a user's system when that user interacts with it.
CVE-2024-37057 is a vulnerability in MLflow (an open-source machine learning platform) versions 2.0.0rc0 and newer that allows deserialization of untrusted data (converting data from an untrusted source back into executable code). An attacker could upload a malicious TensorFlow model (a type of machine learning model) that runs arbitrary code (any commands an attacker chooses) on a user's computer when the model is loaded or used.
CVE-2024-37056 is a vulnerability in MLflow (a machine learning platform) version 1.23.0 and newer that allows deserialization of untrusted data (loading and executing code from data that hasn't been verified as safe). An attacker can upload a malicious LightGBM or scikit-learn model (machine learning libraries) that runs arbitrary code (any commands the attacker chooses) on a user's computer when the model is opened.
CVE-2024-37055 is a vulnerability in MLflow (a machine learning platform) versions 1.24.0 and newer where deserialization of untrusted data (the process of converting saved data back into usable objects without checking if it's safe) can occur. This allows an attacker to upload a malicious pmdarima model (a machine learning model for time-series forecasting) that runs arbitrary code (any commands the attacker chooses) on a user's computer when the model is loaded and used.
CVE-2024-37054 is a vulnerability in MLflow (a machine learning platform) version 0.9.0 and newer that allows deserialization of untrusted data (unsafe processing of data from untrusted sources). An attacker can upload a malicious PyFunc model (a machine learning model format) that runs arbitrary code (any commands an attacker wants) on a user's computer when the model is used.
CVE-2024-37053 is a vulnerability in MLflow (a machine learning platform) version 1.1.0 and newer where deserialization of untrusted data (the process of converting saved data back into usable code without checking if it's safe) can occur. An attacker can upload a malicious scikit-learn model (a machine learning library) that runs arbitrary code (any commands the attacker chooses) on a user's computer when the model is loaded and used.
CVE-2024-37052 is a vulnerability in MLflow (a machine learning platform) version 1.1.0 and newer where deserialization of untrusted data (converting data from an external format back into code without checking if it's safe) allows a malicious scikit-learn model (a machine learning library) to execute arbitrary code on a user's system when the model is loaded and used. This means an attacker could upload a harmful model that runs malicious commands when someone interacts with it.
CVE-2024-37065 is a vulnerability in skops (a Python library) version 0.6 and newer where deserialization (the process of converting saved data back into usable code) of untrusted data can occur, allowing a maliciously crafted model file to run arbitrary code on a user's computer when loaded.
A command injection vulnerability (a type of attack where specially crafted input tricks a system into running unintended commands) exists in the Gradio project's automated workflow file, where unsanitized (unfiltered) repository and branch names could be exploited to steal sensitive credentials like authentication tokens. The vulnerability affects Gradio versions up to @gradio/video@0.6.12.
Qdrant version 1.9.0-dev has a vulnerability in its snapshot recovery process (a feature that restores a database from a backup) that allows attackers to read and write arbitrary files on the server by inserting symlinks (shortcuts to other files) into snapshot files. This could potentially give attackers complete control over the system.
Fix: The issue is fixed in version 2.9.0.
NVD/CVE DatabaseA Server-Side Request Forgery vulnerability (SSRF, where a server can be tricked into making requests to unintended locations) exists in Gradio version 4.21.0 in the `/queue/join` endpoint and `save_url_to_cache` function. The vulnerability occurs because user-supplied URL input is not properly validated before being used to make HTTP requests, allowing attackers to access internal networks or sensitive cloud server information.
Fix: Update to version v1.9.0, where the issue is fixed.
NVD/CVE Database