Vulnerabilities

CVE-2024-27133

by Fred · 23/02/2024

Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields.

More information : https://github.com/mlflow/mlflow/pull/10893

Similar

Tags: Cybersecurity Alert