Headline
GHSA-6749-m5cp-6cg7: Cross-site Scripting in MLFlow
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.
This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook.
The vulnerability stems from lack of sanitization over template variables.
Cross-site Scripting in MLFlow
High severity GitHub Reviewed Published Feb 24, 2024 to the GitHub Advisory Database • Updated Feb 26, 2024
Related news
Cybersecurity researchers are warning about the security risks in the machine learning (ML) software supply chain following the discovery of more than 20 vulnerabilities that could be exploited to target MLOps platforms. These vulnerabilities, which are described as inherent- and implementation-based flaws, could have severe consequences, ranging from arbitrary code execution to loading