Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
DNS Rebinding Vulnerability in mlflow/mlflow
Vulnerability Description
MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An attacker can query, update, and delete experiments via the affected endpoints, leading to potential data exfiltration, destruction, or manipulation. The issue is resolved in version 3.5.0.
CVSS Information
N/A
Vulnerability Type
源验证错误
Vulnerability Title
MLflow 访问控制错误漏洞
Vulnerability Description
MLflow是MLflow开源的一个简化机器学习开发的平台,包括跟踪实验、将代码打包成可重复的运行以及共享和部署模型。 MLflow 3.4.0及之前版本存在访问控制错误漏洞,该漏洞源于MLFlow REST服务器缺少Origin标头验证,可能导致恶意网站绕过同源策略保护并对REST端点执行未授权调用,从而引发数据渗漏、破坏或篡改。
CVSS Information
N/A
Vulnerability Type
N/A