Vulnerability Information
Vulnerability Title
Denial of Service through Batched Queries in GraphQL in mlflow/mlflow
Vulnerability Description
In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLflow, rendering the application unable to respond to other requests. This vulnerability is due to uncontrolled resource consumption.
CVSS Information
N/A
Vulnerability Type
Insufficient Resource Pool
Vulnerability Title
MLflow Security Vulnerability
Vulnerability Description
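MLflow is an open-source platform from MLflow that simplifies machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. MLflow version 2.17.2 contains a security vulnerability that stems from the /graphql endpoint being susceptible to denial of service attacks, leading to uncontrolled resource consumption.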
CVSS Information
N/A
Vulnerability Type
N/A