CVE-2024-37061 — Vulnetix

CVE-2024-37061 PUBLISHED

Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run.

EPSS 3.95% · 88.5th percentile

Risk Scores

EPSS Score

3.95%

88.5th percentile

Affected Products

Vendor	Product	Versions
Bitnami	mlflow	1.11.0
Bitnami	mlflow	1.11.0

Timeline

Jun 4, 2024 CVE Published
Jun 5, 2024 CVE Updated
Jun 5, 2024 EPSS Score
Jun 28, 2024 EPSS Score
Jul 21, 2024 EPSS Score
Sep 6, 2024 EPSS Score
Sep 29, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 22, 2024 EPSS Score
Nov 14, 2024 EPSS Score
Jan 1, 2025 EPSS Score
Jan 24, 2025 EPSS Score

References

https://hiddenlayer.com/sai-security-advisory/mlflow-june2024 url
https://nvd.nist.gov/vuln/detail/CVE-2024-37061 url

Open in Interactive Console →