VYPR
Critical severityOSV Advisory· Published Feb 23, 2024· Updated Aug 22, 2024

Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset.

CVE-2024-27133

Description

Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
mlflowPyPI
< 2.10.02.10.0

Affected products

3

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.