CVE-2024-37061
Published 2024-06-04
Priority P3 · 55 · high · 8.8 CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.88% (54.7th percentile)
Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lfprojects | mlflow | >= 1.11.0 | — |
| mlflow | mlflow | 1.11.0 – * | — |
| mlflow | mlflow | 1.11.0 – 2.13.1 | — |
OSV
MLFlow improper input validation
osv·2024-06-04
CVE-2024-37061 [HIGH] MLFlow improper input validation
Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run due to unfiltered input.
GHSA
MLFlow improper input validation
ghsa·2024-06-04
CVE-2024-37061 [HIGH] CWE-20 MLFlow improper input validation
Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run due to unfiltered input.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-06-04
Published