Moderate severityNVD Advisory· Published Mar 20, 2025· Updated Mar 20, 2025
Uncontrolled Resource Consumption in mlflow/mlflow
CVE-2024-6838
Description
In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of service. Additionally, there is no character limit in the artifact_location parameter while creating the experiment.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mlflowPyPI | <= 2.13.2 | — |
Affected products
3- osv-coords2 versions
>= 2.13.2, < 2.14.0+ 1 more
- (no CPE)range: >= 2.13.2, < 2.14.0
- (no CPE)range: <= 2.13.2
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.