CVE-2024-37059

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jun 4, 2024

CWE ID 502

Summary

CVE-2024-37059 is a deserialization vulnerability affecting versions 0.5.0 and above of the MLflow platform. Maliciously uploaded PyTorch models can exploit this issue and run arbitrary code on an end user's system, potentially leading to security breaches and unintended system modifications. This vulnerability poses a serious risk to users interacting with affected MLflow instances, making it crucial to apply the necessary patches to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

MLFlow

Affected Vendors

MLflow

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/wNZx_f
https://www.cve.org/CVERecord?id=CVE-2024-37059
https://nvd.nist.gov/vuln/detail/CVE-2024-37059

Back to Vulnerability Database