GHSA-5q6c-ffvg-xcm9: Remote code execution in mlflow
- CVE-2024-0520
Remote code execution in mlflow
Critical severity GitHub Reviewed Published Jun 6, 2024 to the GitHub Advisory Database • Updated Jun 6, 2024
Affected versions
< 2.9.0
Description
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the mlflow.data.http_dataset_source.py module. Specifically, when loading a dataset from a source URL with an HTTP scheme, the filename extracted from the Content-Disposition header or the URL path is used to generate the final file path without proper sanitization. This flaw enables an attacker to control the file path fully by utilizing path traversal or absolute path techniques, such as '../../tmp/poc.txt' or '/tmp/poc.txt', leading to arbitrary file write. Exploiting this vulnerability could allow a malicious user to execute commands on the vulnerable machine, potentially gaining access to data and model information. The issue is fixed in version 2.9.0.
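The unsanitized path construction described above, next to a hardened form, as an added example (not mlflow's code and not its actual fix). The function names, the /data/dl directory, the host.example URL and the sample header are assumptions constructed for illustration.

```python
import os
import posixpath
from email.message import Message
from urllib.parse import urlparse


def filename_from_response(url, content_disposition=None):
    """Untrusted name suggested by the server: header first, then URL path."""
    if content_disposition:
        msg = Message()
        msg["Content-Disposition"] = content_disposition
        name = msg.get_filename()
        if name:
            return name
    return posixpath.basename(urlparse(url).path)


def unsafe_destination(dst_dir, filename):
    """Pattern from the advisory: the untrusted name is joined as-is."""
    return os.path.join(dst_dir, filename)


def safe_destination(dst_dir, filename):
    """Return a path strictly inside dst_dir, or raise ValueError."""
    # Accept only a bare file name: no separators, no '.', '..' or empty name.
    base = posixpath.basename(filename.replace("\\", "/"))
    if base != filename or base in ("", ".", ".."):
        raise ValueError(f"refusing unsafe file name: {filename!r}")
    # Second check: the resolved path (symlinks followed) must stay in dst_dir.
    root = os.path.realpath(dst_dir)
    candidate = os.path.realpath(os.path.join(root, base))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"path escapes {root!r}: {candidate!r}")
    return candidate


if __name__ == "__main__":
    # Constructed sample values, using the two path forms quoted in the advisory.
    header = 'attachment; filename="../../tmp/poc.txt"'
    for name in (filename_from_response("http://host.example/d.csv", header),
                 "/tmp/poc.txt", "train.csv"):
        print("unsafe:", os.path.normpath(unsafe_destination("/data/dl", name)))
        try:
            print("safe:  ", safe_destination("/data/dl", name))
        except ValueError as exc:
            print("safe:   rejected,", exc)
```

On POSIX, os.path.join discards dst_dir entirely when the second argument is absolute, which is why the '/tmp/poc.txt' form works without any traversal sequence.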
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-0520
- mlflow/mlflow@400c226
- https://huntr.com/bounties/93e470d7-b6f0-409b-af63-49d3e2a26dbc
Published to the GitHub Advisory Database
Jun 6, 2024