Headline
GHSA-wqxf-447m-6f5f: Information exposure in MLflow
An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.
Information exposure in MLflow
High severity GitHub Reviewed Published Dec 5, 2023 to the GitHub Advisory Database • Updated Dec 11, 2023
Related news
CVE-2023-43472: Contrast discovers MLflow framework zero-day that threatens to poison machine language models
An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.