Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.
mlflow
(,2.9.2]
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables.
The following mlflow code would be vulnerable to this issue, when using an untrusted Recipe -
from mlflow.recipes import Recipe
from mlflow.pyfunc import PyFuncModel
from IPython.core.debugger import set_trace
regression_recipe = Recipe(profile="local")
# Run the full recipe
regression_recipe.run()
# Inspect the model training results
regression_recipe.inspect(step="train")
# Load the trained model
regression_model_recipe: PyFuncModel = regression_recipe.get_artifact("model")
No mitigations are supplied for this issue