A vulnerability was found in mlflow up to 2.15.x. It has been rated as critical. Affected by this issue is the function spark_udf of the component API. The manipulation leads to time-of-check time-of-use.

This vulnerability is handled as CVE-2024-27134. The attack needs to be approached locally. There is no exploit available.

It is recommended to upgrade the affected component.