CVE-2024-27132 Information
Feb 24, 2024
cve
Description
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.
This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook.
The vulnerability stems from lack of sanitization over template variables.
Reference
https://research.jfrog.com/vulnerabilities/mlflow-untrusted-recipe-xss-jfsa-2024-000631930/ https://github.com/mlflow/mlflow/pull/10873
Share on: