VYPR

apk package

wolfi/mlflow

pkg:apk/wolfi/mlflow

Vulnerabilities (62)

  • CVE-2024-37052Jun 4, 2024
    affected < 2.13.2-r0fixed 2.13.2-r0

    Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with.

  • CVE-2024-35195MedMay 20, 2024
    affected < 2.13.1-r0fixed 2.13.1-r0

    Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes

Page 4 of 4