[BUG] Security Vulnerability #9530
Comments
Hi @JoeBeeton thank you for reporting this!
Hi, no problem. Let me know if you need anything else. Joe
@mlflow/mlflow-team Please assign a maintainer and start triaging this issue.
Hi, any news on this? I've tried to contact the email address provided, but with no response after the initial message.
Hi @BenWilson2 any news?
Hi, whoever on the mlflow side has access, please check mlflow-oss-maintainers@googlegroups.com
@JoeBeeton Thank you so much for reporting the vulnerability and terribly sorry for not being responsive. We are working on the fix right now.
Thanks, FYI, the CVE is CVE-2023-43472. Do you know when the fix will be released?
It will be released in the next release this week.
Thanks
Issues Policy acknowledgement
Willingness to contribute
No. I cannot contribute a bug fix at this time.
MLflow version
mlflow, version 2.6.0
System information
Ubuntu 22.04.2
Python 3.10.12
Describe the problem
Security Vulnerability
Tracking information
Code to reproduce issue
Security Vulnerability
Stack trace
Other info / logs
What component(s) does this bug affect?
area/artifacts: Artifact stores and artifact logging
area/build: Build and test infrastructure for MLflow
area/docs: MLflow documentation pages
area/examples: Example code
area/gateway: AI Gateway service, Gateway client APIs, third-party Gateway integrations
area/model-registry: Model Registry service, APIs, and the fluent client calls for Model Registry
area/models: MLmodel format, model serialization/deserialization, flavors
area/recipes: Recipes, Recipe APIs, Recipe configs, Recipe Templates
area/projects: MLproject format, project running backends
area/scoring: MLflow Model server, model deployment tools, Spark UDFs
area/server-infra: MLflow Tracking server backend
area/tracking: Tracking Service, tracking client APIs, autologging
What interface(s) does this bug affect?
area/uiux: Front-end, user experience, plotting, JavaScript, JavaScript dev server
area/docker: Docker use across MLflow's components, such as MLflow Projects and MLflow Models
area/sqlalchemy: Use of SQLAlchemy in the Tracking Service or Model Registry
area/windows: Windows support
What language(s) does this bug affect?
language/r: R APIs and clients
language/java: Java APIs and clients
language/new: Proposals for new client languages
What integration(s) does this bug affect?
integrations/azure: Azure and Azure ML integrations
integrations/sagemaker: SageMaker integrations
integrations/databricks: Databricks integrations