CVE-2024-27134 | mlflow up to 2.15.x API spark_udf toctou

Inserito da Angelo Barbosa | Nov 25, 2024 | CVE

A vulnerability was found in mlflow up to 2.15.x. It has been rated as critical. Affected by this issue is the function spark_udf of the component API. The manipulation leads to time-of-check time-of-use.

This vulnerability is handled as CVE-2024-27134. The attack needs to be approached locally. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-27134 | mlflow up to 2.15.x API spark_udf toctou

Post correlati

CVE-2024-25994 | Phoenix Contact CHARX SEC-3150 up to 1.5.0 unrestricted upload (VDE-2024-011)

CVE-2024-38138 | Microsoft Windows Deployment Services use after free

CVE-2024-7934 | itsourcecode Project Expense Monitoring System 1.0 execute.php sql injection

CVE-2024-0892 | Schema App Structured Data Plugin up to 2.2.0 on WordPress cross-site request forgery