VYPR

apk package

wolfi/mlflow-iamguarded-compat

pkg:apk/wolfi/mlflow-iamguarded-compat

Vulnerabilities (47)

  • CVE-2024-37057Jun 4, 2024
    affected < 3.5.1-r1fixed 3.5.1-r1

    Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user’s system when interacted with.

  • CVE-2024-37056Jun 4, 2024
    affected < 3.5.1-r1fixed 3.5.1-r1

    Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with.

  • CVE-2024-37055Jun 4, 2024
    affected < 3.5.1-r1fixed 3.5.1-r1

    Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted with.

  • CVE-2024-37054Jun 4, 2024
    affected < 3.5.1-r1fixed 3.5.1-r1

    Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with.

  • CVE-2024-37053Jun 4, 2024
    affected < 3.5.1-r1fixed 3.5.1-r1

    Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with.

  • CVE-2024-37052Jun 4, 2024
    affected < 3.5.1-r1fixed 3.5.1-r1

    Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with.

  • CVE-2024-35195MedMay 20, 2024
    affected < 2.13.1-r0fixed 2.13.1-r0

    Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes

Page 3 of 3