Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Privilege Escalation in mlflow/mlflow
Vulnerability Description
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). This vulnerability allows an attacker with write access to the `/tmp` directory to exploit a race condition and overwrite `.py` files in the virtual environment, leading to arbitrary code execution. The issue is resolved in version 3.4.0.
CVSS Information
N/A
Vulnerability Type
在具有不安全权限的目录中创建临时文件
Vulnerability Title
MLflow 安全漏洞
Vulnerability Description
MLflow是MLflow开源的一个简化机器学习开发的平台,包括跟踪实验、将代码打包成可重复的运行以及共享和部署模型。 MLflow 2.20.3版本存在安全漏洞,该漏洞源于为创建Python虚拟环境分配的临时目录权限不安全,可能导致利用竞争条件覆盖虚拟环境中的.py文件,从而执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A