Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset.
mlflow
(,2.9.2]
Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from a lack of sanitization of dataset table fields.
The following MLflow code would be vulnerable to this issue when using a Recipe that uses an untrusted dataset:
from mlflow.recipes import Recipe
from mlflow.pyfunc import PyFuncModel
from IPython.core.debugger import set_trace
regression_recipe = Recipe(profile="local")
# Run the full recipe
regression_recipe.run()
# Inspect the model training results
regression_recipe.inspect(step="train")
# Load the trained model
regression_model_recipe: PyFuncModel = regression_recipe.get_artifact("model")
No mitigations are supplied for this issue.
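The class of flaw described above, as an added example that is not MLflow's code and not a vendor mitigation: dataset cell values interpolated into an HTML table as-is, beside the same table with every field escaped, plus a check that flags cells carrying markup before a dataset is used. The function names and the sample rows are constructed for illustration.

```python
import html

# Constructed sample rows: the second "name" cell carries markup, as a cell
# in an untrusted dataset could.
SAMPLE_ROWS = [
    {"name": "alice", "score": "0.91"},
    {"name": "<img src=x onerror=alert(1)>", "score": "0.42"},
]


def _table(rows, fmt):
    """Build an HTML table, passing every header and cell through fmt."""
    cols = list(rows[0])
    head = "".join(f"<th>{fmt(c)}</th>" for c in cols)
    body = "".join(
        "<tr>" + "".join(f"<td>{fmt(r[c])}</td>" for c in cols) + "</tr>"
        for r in rows
    )
    return f"<table><tr>{head}</tr>{body}</table>"


def render_table_unsafe(rows):
    """Vulnerable pattern: field values reach the HTML output unchanged."""
    return _table(rows, str)


def render_table_escaped(rows):
    """Hardened pattern: every field is HTML-escaped before rendering."""
    return _table(rows, lambda v: html.escape(str(v), quote=True))


def find_markup_cells(rows):
    """Return (row_index, column) for cells containing HTML metacharacters."""
    return [
        (i, col)
        for i, row in enumerate(rows)
        for col, val in row.items()
        if any(ch in str(val) for ch in "<>&\"'")
    ]


if __name__ == "__main__":
    print(render_table_unsafe(SAMPLE_ROWS))
    print(render_table_escaped(SAMPLE_ROWS))
    print(find_markup_cells(SAMPLE_ROWS))
```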