LF Projects CVE Vulnerabilities & CVE List (110)

Products (CPE): — CVEs: 110

LF Projects vulnerability overview

Aggregates CVE and security vulnerability intelligence across all LF Projects-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk cross-site scripting, vendor risk ssrf, vendor risk input validation, and vendor risk csrf and related problems; some flaws may lead to vendor impact unexpected behavior.

Vulnerability distribution trend (last 24 months)

Showing 6180 of 110 CVEs
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2024-0520 A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. Specifically, when loading a dataset from a source URL with an HTTP scheme, the filename extracted from the `Content-Disposition` header or the URL path is used to generate the final file path without proper sanitization. This flaw enables an attacker to control the fi [email protected] 8.8 2.38% 2024-06-06 2026-06-17
CVE-2024-37061 Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run. 6f8de1f0-f67e-45a6-b68f-98777fdb759c 8.8 0.88% 2024-06-04 2026-06-17
CVE-2024-37060 Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run. 6f8de1f0-f67e-45a6-b68f-98777fdb759c 8.8 0.77% 2024-06-04 2026-06-17
CVE-2024-37059 Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with. 6f8de1f0-f67e-45a6-b68f-98777fdb759c 8.8 0.62% 2024-06-04 2026-06-17
CVE-2024-37058 Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded Langchain AgentExecutor model to run arbitrary code on an end user’s system when interacted with. 6f8de1f0-f67e-45a6-b68f-98777fdb759c 8.8 0.62% 2024-06-04 2026-06-17
CVE-2024-37057 Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user’s system when interacted with. 6f8de1f0-f67e-45a6-b68f-98777fdb759c 8.8 0.62% 2024-06-04 2026-06-17
CVE-2024-37056 Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with. 6f8de1f0-f67e-45a6-b68f-98777fdb759c 8.8 0.62% 2024-06-04 2026-06-17
CVE-2024-37055 Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted with. 6f8de1f0-f67e-45a6-b68f-98777fdb759c 8.8 0.62% 2024-06-04 2026-06-17
CVE-2024-37054 Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with. 6f8de1f0-f67e-45a6-b68f-98777fdb759c 8.8 0.70% 2024-06-04 2026-06-17
CVE-2024-37053 Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with. 6f8de1f0-f67e-45a6-b68f-98777fdb759c 8.8 0.62% 2024-06-04 2026-06-17
CVE-2024-37052 Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with. 6f8de1f0-f67e-45a6-b68f-98777fdb759c 8.8 0.62% 2024-06-04 2026-06-17
CVE-2024-4263 A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing them to perform unauthorized deletions of artifacts. The vulnerability specifically affects the handling of artifact deletions within the application, as demonstrated by the ability of a low privilege u [email protected] 5.4 0.33% 2024-05-16 2026-06-17
CVE-2024-3848 A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the fragment, effectively skipping validation. This allows an attacker to construct a URL that, when processed, ignores the protocol scheme and uses the provided path for filesystem access. As a result, an attacker can read arbitra [email protected] 7.5 43.28% 2024-05-16 2026-06-17
CVE-2024-3573 mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'is_local_uri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the misclassification of URIs as non-local. Attackers can exploit this by crafting malicious model versions with specially crafted 'source' parameters, enabling the reading of sensitive files within at least [email protected] 9.3 0.73% 2024-04-15 2026-06-17
CVE-2024-1594 A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the `artifact_location` parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component `#` in the artifact location URI to read arbitrary files on the server in the context of the server's process. This issue is similar to CVE-2023-6909 but utilizes a different component of the URI to achieve the same effect. [email protected] 7.5 0.71% 2024-04-15 2026-06-17
CVE-2024-1593 A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. This vulnerability allows for arbitrary data smuggling into the 'params' part of the URL, enabling attacks similar to those described in previous reports but utilizing the ';' character for parameter smugg [email protected] 7.5 0.69% 2024-04-15 2026-06-17
CVE-2024-1560 A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the `_delete_artifact_mlflow_artifacts` handler and `local_file_uri_to_path` function, allowing for the deletion of arbitrary directories on the server's filesystem. This vulnerability is due to an extra unquote operation in the `delete_artifacts` function of `local_artifact_repo.py`, whic [email protected] 8.1 0.86% 2024-04-15 2026-06-17
CVE-2024-1558 A path traversal vulnerability exists in the `_create_model_version()` function within `server/handlers.py` of the mlflow/mlflow repository, due to improper validation of the `source` parameter. Attackers can exploit this vulnerability by crafting a `source` parameter that bypasses the `_validate_non_local_source_contains_relative_paths(source)` function's checks, allowing for arbitrary file read access on the server. The issue arises from the handling of unquoted URL characters and the subseque [email protected] 7.5 0.86% 2024-04-15 2026-06-17
CVE-2024-1483 A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifact_location' and 'source' parameters, using a local URI with '#' instead of '?', an attacker can traverse the server's directory structure. The issue occurs due to insufficient validation of user-supplied input in the server's handlers. [email protected] 7.5 2.74% 2024-04-15 2026-06-17
CVE-2024-27916 Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints `GetRepositoryByName`, `DeleteRepositoryByName`, and `GetArtifactByName` to access any repository in the database, irrespective of who owns the repo and any permissions present. The database query checks by repo owner, repo name and provider name (which is always `github`). These query values are not distinct for the particular user - as long as the user has valid credentials and a p [email protected] 7.1 0.67% 2024-03-20 2026-06-17
cvelogic Threat Intelligence