Platform
python
Component
mlflow
Fixed in
2.9.3
2.10.0
CVE-2024-27132 describes a critical cross-site scripting (XSS) vulnerability discovered in MLflow, a platform for managing the machine learning lifecycle. This flaw arises from insufficient sanitization of template variables when executing untrusted recipes, potentially leading to remote code execution (RCE) within a Jupyter Notebook environment. The vulnerability affects MLflow versions 2.9.2 and earlier, with a fix available in version 2.10.0.
The core impact of CVE-2024-27132 lies in the ability of an attacker to inject malicious JavaScript code into a recipe executed within MLflow. Because recipes are often run within Jupyter Notebooks, this injected code can execute with the privileges of the user running the notebook. Successful exploitation could allow an attacker to steal sensitive data, such as API keys, database credentials, or model artifacts. More severely, it could enable the attacker to execute arbitrary commands on the underlying system, leading to complete system compromise. The RCE aspect significantly elevates the risk, moving beyond simple information disclosure to full system control. This vulnerability shares similarities with other XSS vulnerabilities that have been exploited to achieve code execution in similar environments.
CVE-2024-27132 was publicly disclosed on February 23, 2024. The vulnerability's severity is rated as CRITICAL (CVSS 9.6). Currently, no public proof-of-concept (PoC) exploits have been widely reported, but the potential for RCE makes it a high-priority vulnerability. It is not currently listed on the CISA KEV catalog. Active exploitation is not yet confirmed, but the ease of exploitation once a PoC is available warrants immediate attention.
Exploit Status
EPSS
0.24% (47% percentile)
CVSS Vector
The primary mitigation for CVE-2024-27132 is to upgrade MLflow to version 2.10.0 or later, which includes the necessary sanitization fixes. If immediate upgrading is not possible, restrict the execution of untrusted recipes to isolated environments with limited privileges. Consider implementing a Web Application Firewall (WAF) with rules to detect and block malicious JavaScript payloads targeting MLflow endpoints. Carefully review and validate all recipes before execution, particularly those sourced from external or untrusted origins. There are no specific Sigma or YARA rules readily available, but monitoring for unusual JavaScript execution within Jupyter Notebooks is recommended.
Update MLflow to a version later than 2.9.2. This will fix the XSS vulnerability caused by the lack of sanitization in template variables when running untrusted recipes. The update can be performed using the pip package manager: `pip install --upgrade mlflow`.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-27132 is a critical XSS vulnerability in MLflow versions up to 2.9.2. It allows attackers to inject malicious code when running untrusted recipes, potentially leading to remote code execution.
You are affected if you are using MLflow version 2.9.2 or earlier. Upgrade to version 2.10.0 or later to resolve the vulnerability.
The recommended fix is to upgrade MLflow to version 2.10.0 or later. If upgrading is not immediately possible, restrict execution of untrusted recipes and consider WAF rules.
While no widespread exploitation has been confirmed, the potential for RCE makes it a high-priority vulnerability and a likely target for attackers.
Refer to the MLflow security advisory for detailed information and updates: [https://mlflow.org/docs/security](https://mlflow.org/docs/security)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.