Description

A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. Specifically, when loading a dataset from a source URL with an HTTP scheme, the filename extracted from the `Content-Disposition` header or the URL path is used to generate the final file path without proper sanitization. This flaw enables an attacker to control the file path fully by utilizing path traversal or absolute path techniques, such as '../../tmp/poc.txt' or '/tmp/poc.txt', leading to arbitrary file write. Exploiting this vulnerability could allow a malicious user to execute commands on the vulnerable machine, potentially gaining access to data and model information. The issue is fixed in version 2.9.0.

INFO

Published Date :

2024-06-06T18:19:36.380Z

Last Modified :

2025-10-15T12:50:06.675Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-0520 vulnerability.

Vendors Products
Lfprojects
  • Mlflow
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-0520.

URL Resource
https://github.com/mlflow/mlflow/commit/400c226953b4568f4361bc0a0c223511652c2b9d cve-icon cve-icon
https://huntr.com/bounties/93e470d7-b6f0-409b-af63-49d3e2a26dbc cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact