Niteesh Pujari

1 exploit Active since Jun 2024
CVE-2024-37054 NOMISEC HIGH WORKING POC
MLflow >= 0.9.0 - Remote Code Execution via PyFunc Model Deserialization
Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with.
1 stars
CVSS 8.8