Low osv · GHSA-6749-m5cp-6cg7

Cross-site Scripting in MLflow

Published Feb 24, 2024 CVSS 3.1

Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.

This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook.

The vulnerability stems from a lack of sanitization of template variables.

Affected AI Products

mlflow