CVE-2024-27133

CVSS V2 None CVSS V3 None
Description
Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields.
Overview
  • CVE ID
  • CVE-2024-27133
  • Assigner
  • JFROG
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-02-23T22:00:33.124Z
  • Last Modified Date
  • 2024-02-23T22:00:33.124Z
History
Created Old Value New Value Data Type Notes
2024-06-26 02:01:34 Added to TrackCVE