漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset.
Vulnerability Description
Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Mlflow 跨站脚本漏洞
Vulnerability Description
Mlflow是一个机器学习生命周期的开源平台。 Mlflow 存在跨站脚本漏洞,该漏洞源于缺乏对 dataset table字段的清理,导致跨站脚本。
CVSS Information
N/A
Vulnerability Type
N/A