Headline
GHSA-pqcv-qw2r-r859: MLFlow improper input validation
Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run due to unfiltered input.
MLFlow improper input validation
High severity GitHub Reviewed Published Jun 4, 2024 to the GitHub Advisory Database • Updated Jun 5, 2024