AI Threat Alert

Lfprojects

49 AI/ML vulnerabilities tracked for Lfprojects.

49

Total CVEs

3

Pages

Page 2 of 3

Current

Severity	CVE	Headline	Package	CVSS
CRITICAL	CVE-2024-27132	MLflow: XSS in recipes enables client-side RCE	mlflow	9.6
CRITICAL	CVE-2024-27133	MLflow: XSS in recipe runner enables Jupyter RCE	mlflow	9.6
HIGH	CVE-2024-1483	MLflow: path traversal exposes arbitrary server files	mlflow	7.5
HIGH	CVE-2024-1558	MLflow: path traversal enables arbitrary file read	mlflow	7.5
HIGH	CVE-2024-1560	MLflow: path traversal allows arbitrary directory deletion	mlflow	8.1
HIGH	CVE-2024-1593	MLflow: path traversal via ';' smuggling exposes files	mlflow	7.5
HIGH	CVE-2024-1594	MLflow: path traversal via URI fragment reads arbitrary files	mlflow	7.5
CRITICAL	CVE-2024-3573	MLflow: LFI via URI parsing allows arbitrary file read	mlflow	9.3
HIGH	CVE-2024-3848	MLflow: URL fragment bypass leaks SSH and cloud keys	mlflow	7.5
MEDIUM	CVE-2024-4263	MLflow: broken access control allows artifact deletion	mlflow	5.4
HIGH	CVE-2024-37052	MLflow: RCE via malicious scikit-learn model upload	mlflow	8.8
HIGH	CVE-2024-37053	MLflow: RCE via malicious scikit-learn model deserialization	mlflow	8.8
HIGH	CVE-2024-37054	MLflow: deserialization RCE via malicious PyFunc model	mlflow	8.8
HIGH	CVE-2024-37055	MLflow: RCE via pmdarima model deserialization	mlflow	8.8
HIGH	CVE-2024-37056	MLflow: RCE via LightGBM model deserialization	mlflow	8.8
HIGH	CVE-2024-37060	MLflow: RCE via deserialization in crafted Recipes	mlflow	8.8
HIGH	CVE-2024-37061	MLflow: RCE via malicious MLproject file execution	mlflow	8.8
HIGH	CVE-2024-0520	MLflow: path traversal enables RCE via dataset loading	mlflow	8.8
HIGH	CVE-2024-2928	MLflow: URI fragment LFI exposes arbitrary files	mlflow	7.5
MEDIUM	CVE-2024-3099	MLflow: URL encoding bypass enables model poisoning	mlflow	5.4

Page 2 of 3