High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2024-37059

CVSS Score: 8.8 (High)
Published: Jun 04, 2024
Last Modified: Feb 03, 2025

Vulnerability Description

Deserialization of untrusted data can occur in MLflow versions 0.5.0 and newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user's system when interacted with.

CVSS Metrics

Common Vulnerability Scoring System

Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector: N (Network)
Attack Complexity: L (Low)
Privileges Required: N (None)
User Interaction: R (Required)
Scope: U (Unchanged)
Confidentiality: H (High)
Integrity: H (High)
Availability: H (High)

Known Affected Software

128 configuration(s) from 1 vendor(s)

This vulnerability affects 128 software configuration(s). Ensure you patch all affected systems.

Available Security Patches

1 patch available from vendors

Oracle

CPUAPR2026

Oracle Critical Patch Update Advisory - April 2026

Severity: Critical
Released: Apr 21, 2026
Restart Required
Security Update

Severity Details

8.8 out of 10.0 (High)

Weakness Type (CWE)

CWE-502 Top 25 #15

Deserialization of Untrusted Data

Description: The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Exploit Likelihood: Medium
Typical Severity: Medium
OWASP Top 10: A08:2021-Software/Data Integrity Failures
Abstraction Level: Base

Key Information

Published Date: June 04, 2024