JFrog Security Research
< Back

JFSA-2024-000631930 - MLflow untrusted recipe XSS

CVE-2024-27132

JFrog Severity:high

Discovered ByUriya Yavnieliof the JFrog Security Research Team

Published 23 Feb, 2024 | Last updated 23 Feb, 2024

Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.

mlflow

(,2.9.2]

Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables.

The following mlflow code would be vulnerable to this issue, when using an untrusted Recipe -

from mlflow.recipes import Recipe
from mlflow.pyfunc import PyFuncModel
from IPython.core.debugger import set_trace
regression_recipe = Recipe(profile="local")
# Run the full recipe
regression_recipe.run()
# Inspect the model training results
regression_recipe.inspect(step="train")
# Load the trained model
regression_model_recipe: PyFuncModel = regression_recipe.get_artifact("model")

No mitigations are supplied for this issue

Fix PR

< Back