apk package
chainguard/mlflow
pkg:apk/chainguard/mlflow
Vulnerabilities (62)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-37052 | — | < 2.13.2-r0 | 2.13.2-r0 | Jun 4, 2024 | Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with. | ||
| CVE-2024-35195 | Med | 5.6 | < 2.13.1-r0 | 2.13.1-r0 | May 20, 2024 | Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes |
- CVE-2024-37052Jun 4, 2024affected < 2.13.2-r0fixed 2.13.2-r0
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with.
- affected < 2.13.1-r0fixed 2.13.1-r0
Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes
Page 4 of 4