From 0fb799aaf2b61e6ac26163b9924fd66f1861b07d Mon Sep 17 00:00:00 2001
From: rotemd-apiiro <rotem.daniel@apiiro.com>
Date: Sun, 26 Apr 2026 12:06:35 +0300
Subject: [PATCH] Improve GHSA-rvhj-8chj-8v3c

---
 .../2026/03/GHSA-rvhj-8chj-8v3c/GHSA-rvhj-8chj-8v3c.json  | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/advisories/github-reviewed/2026/03/GHSA-rvhj-8chj-8v3c/GHSA-rvhj-8chj-8v3c.json b/advisories/github-reviewed/2026/03/GHSA-rvhj-8chj-8v3c/GHSA-rvhj-8chj-8v3c.json
index 8a8ae076e664f..708729bd11cf7 100644
--- a/advisories/github-reviewed/2026/03/GHSA-rvhj-8chj-8v3c/GHSA-rvhj-8chj-8v3c.json
+++ b/advisories/github-reviewed/2026/03/GHSA-rvhj-8chj-8v3c/GHSA-rvhj-8chj-8v3c.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rvhj-8chj-8v3c",
-  "modified": "2026-04-04T05:32:07Z",
+  "modified": "2026-04-04T05:32:08Z",
   "published": "2026-03-31T15:31:56Z",
   "aliases": [
     "CVE-2026-0596"
   ],
-  "summary": "Mflow: Command Injection when serving models with enable_mlserver=True",
-  "details": "A command injection vulnerability exists in Mflow when serving a model with `enable_mlserver=True`. The `model_uri` is embedded directly into a shell command executed via `bash -c` without proper sanitization. If the `model_uri` contains shell metacharacters, such as `$()` or backticks, it allows for command substitution and execution of attacker-controlled commands. This vulnerability affects the latest version of mlflow/mlflow and can lead to privilege escalation if a higher-privileged service serves models from a directory writable by lower-privileged users.",
+  "summary": "Mlflow: Command Injection when serving models with enable_mlserver=True",
+  "details": "A command injection vulnerability exists in Mlflow when serving a model with `enable_mlserver=True`. The `model_uri` is embedded directly into a shell command executed via `bash -c` without proper sanitization. If the `model_uri` contains shell metacharacters, such as `$()` or backticks, it allows for command substitution and execution of attacker-controlled commands. This vulnerability affects the latest version of mlflow/mlflow and can lead to privilege escalation if a higher-privileged service serves models from a directory writable by lower-privileged users.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -18,7 +18,7 @@
     {
       "package": {
         "ecosystem": "PyPI",
-        "name": "mflow"
+        "name": "mlflow"
       },
       "ranges": [
         {