apk package
wolfi/mlflow
pkg:apk/wolfi/mlflow
Vulnerabilities (62)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-54121 | Med | 5.3 | < 3.1.4-r0 | 3.1.4-r0 | Jul 21, 2025 | Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files (greater than the default max spool size) starlette will bl | |
| CVE-2025-50182 | — | < 3.1.0-r3 | 3.1.0-r3 | Jun 19, 2025 | urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpReque | ||
| CVE-2025-50181 | — | < 3.1.0-r3 | 3.1.0-r3 | Jun 19, 2025 | urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An appl | ||
| CVE-2024-47081 | Med | 5.3 | < 3.1.0-r0 | 3.1.0-r0 | Jun 9, 2025 | Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc | |
| CVE-2025-47278 | Low | — | < 2.22.0-r2 | 2.22.0-r2 | May 13, 2025 | Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the `itsdangerous` librar | |
| CVE-2024-56326 | — | < 2.19.0-r2 | 2.19.0-r2 | Dec 23, 2024 | Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs t | ||
| CVE-2024-56201 | — | < 2.19.0-r2 | 2.19.0-r2 | Dec 23, 2024 | Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit | ||
| CVE-2024-49767 | — | < 2.21.0-r0 | 2.21.0-r0 | Oct 25, 2024 | Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively | ||
| CVE-2024-49766 | — | < 2.21.0-r0 | 2.21.0-r0 | Oct 25, 2024 | Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended | ||
| CVE-2024-39689 | — | < 2.14.2-r0 | 2.14.2-r0 | Jul 5, 2024 | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes ro | ||
| CVE-2024-37891 | — | < 2.14.1-r0 | 2.14.1-r0 | Jun 17, 2024 | urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it' | ||
| CVE-2024-37061 | — | < 2.13.2-r0 | 2.13.2-r0 | Jun 4, 2024 | Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run. | ||
| CVE-2024-37060 | — | < 3.5.1-r1 | 3.5.1-r1 | Jun 4, 2024 | Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run. | ||
| CVE-2024-37059 | — | < 2.13.2-r0 | 2.13.2-r0 | Jun 4, 2024 | Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with. | ||
| CVE-2024-37058 | — | < 2.13.2-r0 | 2.13.2-r0 | Jun 4, 2024 | Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded Langchain AgentExecutor model to run arbitrary code on an end user’s system when interacted with. | ||
| CVE-2024-37057 | — | < 3.5.1-r1 | 3.5.1-r1 | Jun 4, 2024 | Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user’s system when interacted with. | ||
| CVE-2024-37056 | — | < 2.13.2-r0 | 2.13.2-r0 | Jun 4, 2024 | Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with. | ||
| CVE-2024-37055 | — | < 2.13.2-r0 | 2.13.2-r0 | Jun 4, 2024 | Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted with. | ||
| CVE-2024-37054 | — | < 2.13.2-r0 | 2.13.2-r0 | Jun 4, 2024 | Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with. | ||
| CVE-2024-37053 | — | < 2.13.2-r0 | 2.13.2-r0 | Jun 4, 2024 | Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with. |
- affected < 3.1.4-r0fixed 3.1.4-r0
Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files (greater than the default max spool size) starlette will bl
- CVE-2025-50182Jun 19, 2025affected < 3.1.0-r3fixed 3.1.0-r3
urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpReque
- CVE-2025-50181Jun 19, 2025affected < 3.1.0-r3fixed 3.1.0-r3
urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An appl
- affected < 3.1.0-r0fixed 3.1.0-r0
Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc
- affected < 2.22.0-r2fixed 2.22.0-r2
Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the `itsdangerous` librar
- CVE-2024-56326Dec 23, 2024affected < 2.19.0-r2fixed 2.19.0-r2
Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs t
- CVE-2024-56201Dec 23, 2024affected < 2.19.0-r2fixed 2.19.0-r2
Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit
- CVE-2024-49767Oct 25, 2024affected < 2.21.0-r0fixed 2.21.0-r0
Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively
- CVE-2024-49766Oct 25, 2024affected < 2.21.0-r0fixed 2.21.0-r0
Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended
- CVE-2024-39689Jul 5, 2024affected < 2.14.2-r0fixed 2.14.2-r0
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes ro
- CVE-2024-37891Jun 17, 2024affected < 2.14.1-r0fixed 2.14.1-r0
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it'
- CVE-2024-37061Jun 4, 2024affected < 2.13.2-r0fixed 2.13.2-r0
Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run.
- CVE-2024-37060Jun 4, 2024affected < 3.5.1-r1fixed 3.5.1-r1
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run.
- CVE-2024-37059Jun 4, 2024affected < 2.13.2-r0fixed 2.13.2-r0
Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with.
- CVE-2024-37058Jun 4, 2024affected < 2.13.2-r0fixed 2.13.2-r0
Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded Langchain AgentExecutor model to run arbitrary code on an end user’s system when interacted with.
- CVE-2024-37057Jun 4, 2024affected < 3.5.1-r1fixed 3.5.1-r1
Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user’s system when interacted with.
- CVE-2024-37056Jun 4, 2024affected < 2.13.2-r0fixed 2.13.2-r0
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with.
- CVE-2024-37055Jun 4, 2024affected < 2.13.2-r0fixed 2.13.2-r0
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted with.
- CVE-2024-37054Jun 4, 2024affected < 2.13.2-r0fixed 2.13.2-r0
Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with.
- CVE-2024-37053Jun 4, 2024affected < 2.13.2-r0fixed 2.13.2-r0
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with.
Page 3 of 4