VYPR

apk package

wolfi/mlflow-bitnami

pkg:apk/wolfi/mlflow-bitnami

Vulnerabilities (32)

  • CVE-2024-37891Jun 17, 2024
    affected < 2.14.1-r0fixed 2.14.1-r0

    urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it'

  • CVE-2024-37061Jun 4, 2024
    affected < 2.13.2-r0fixed 2.13.2-r0

    Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run.

  • CVE-2024-37060Jun 4, 2024
    affected < 2.13.2-r0fixed 2.13.2-r0

    Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run.

  • CVE-2024-37059Jun 4, 2024
    affected < 2.13.2-r0fixed 2.13.2-r0

    Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with.

  • CVE-2024-37058Jun 4, 2024
    affected < 2.13.2-r0fixed 2.13.2-r0

    Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded Langchain AgentExecutor model to run arbitrary code on an end user’s system when interacted with.

  • CVE-2024-37057Jun 4, 2024
    affected < 2.13.2-r0fixed 2.13.2-r0

    Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user’s system when interacted with.

  • CVE-2024-37056Jun 4, 2024
    affected < 2.13.2-r0fixed 2.13.2-r0

    Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with.

  • CVE-2024-37055Jun 4, 2024
    affected < 2.13.2-r0fixed 2.13.2-r0

    Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted with.

  • CVE-2024-37054Jun 4, 2024
    affected < 2.13.2-r0fixed 2.13.2-r0

    Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with.

  • CVE-2024-37053Jun 4, 2024
    affected < 2.13.2-r0fixed 2.13.2-r0

    Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with.

  • CVE-2024-37052Jun 4, 2024
    affected < 2.13.2-r0fixed 2.13.2-r0

    Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with.

  • CVE-2024-35195MedMay 20, 2024
    affected < 2.13.1-r0fixed 2.13.1-r0

    Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes

Page 2 of 2