VYPR
Critical severityOSV Advisory· Published Feb 23, 2024· Updated Aug 14, 2024

Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.

CVE-2024-27132

Description

Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.

This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook.

The vulnerability stems from lack of sanitization over template variables.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
mlflowPyPI
< 2.10.02.10.0

Affected products

3

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.