Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-6749-m5cp-6cg7: Cross-site Scripting in MLFlow

Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.

This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook.

The vulnerability stems from lack of sanitization over template variables.

ghsa
#xss#vulnerability#git#rce

Cross-site Scripting in MLFlow

High severity GitHub Reviewed Published Feb 24, 2024 to the GitHub Advisory Database • Updated Feb 26, 2024

Related news

Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps Platforms

Cybersecurity researchers are warning about the security risks in the machine learning (ML) software supply chain following the discovery of more than 20 vulnerabilities that could be exploited to target MLOps platforms. These vulnerabilities, which are described as inherent- and implementation-based flaws, could have severe consequences, ranging from arbitrary code execution to loading