Fix: Template injection in MLflow Recipe leads to an RCE (#10873)
Signed-off-by: Weichen Xu <weichen.xu@databricks.com>
WeichenXu123 committed Jan 24, 2024
1 parent 65ef8af commit 4ae4282
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion mlflow/recipes/cards/__init__.py
@@ -290,7 +290,7 @@ def __init__(
'<p><strong>Step status: <span style="color:red">Failed</span></strong></p>',
)
self.add_tab(
"Stacktrace", "<div class='stacktrace-container'>{{ STACKTRACE }}</div>"
"Stacktrace", "<div class='stacktrace-container'>{{ STACKTRACE|e }}</div>"
).add_html("STACKTRACE", f'<p style="margin-top:0px"><code>{failure_traceback}</code></p>')
warning_output_path = os.path.join(output_directory, "warning_logs.txt")
if os.path.exists(warning_output_path):
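Review bot: The `|e` filter in `{{ STACKTRACE|e }}` escapes the whole value bound to STACKTRACE, and the `add_html` call on the next line binds an HTML fragment (`<p style="margin-top:0px"><code>…</code></p>`), not bare text. Assuming `e` is the template engine's HTML-escape filter, the wrapper tags are escaped along with the traceback and will be displayed as literal text. The same applies to `{{SCHEMA|e}}` in mlflow/recipes/steps/ingest/__init__.py, where the bound value is the table markup returned by `BaseCard.render_table`. Escaping only the untrusted part keeps the markup intact: move the wrapper into the template, `"<div class='stacktrace-container'><p style='margin-top:0px'><code>{{ STACKTRACE|e }}</code></p></div>"`, and bind the raw text with `.add_html("STACKTRACE", failure_traceback)`. The body of `__init__` starts and ends outside this hunk, so whether the card's template environment already autoescapes is not visible here.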
2 changes: 1 addition & 1 deletion mlflow/recipes/steps/ingest/__init__.py
@@ -171,7 +171,7 @@ def _build_step_card(
)
# Tab #2 -- Ingested dataset schema.
schema_html = BaseCard.render_table(schema["fields"])
card.add_tab("Data Schema", "{{SCHEMA}}").add_html("SCHEMA", schema_html)
card.add_tab("Data Schema", "{{SCHEMA|e}}").add_html("SCHEMA", schema_html)

if data_preview is not None:
# Tab #3 -- Ingested dataset preview.
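Review bot: The data-preview tab that begins right after this line (`# Tab #3 -- Ingested dataset preview`) is built from the same ingested dataset, and the commit leaves it untouched. `_build_step_card` continues outside the hunk, so its template is not visible here, but if it is also a bare `{{ ... }}` placeholder filled through `add_html`, it carries the same exposure the schema tab had. It would help to state the rule at the call site, e.g. `# Values derived from the ingested dataset are untrusted: escape them before they reach the card HTML.`, and to add a regression test asserting that a field name containing markup appears escaped in the rendered card.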
