MLflow Server-Side Request Forgery (SSRF)
Critical severity
GitHub Reviewed
Published
Dec 20, 2023
to the GitHub Advisory Database
•
Updated Jan 2, 2024
Description
Published by the National Vulnerability Database
Dec 20, 2023
Published to the GitHub Advisory Database
Dec 20, 2023
Reviewed
Dec 20, 2023
Last updated
Jan 2, 2024
A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abused to get a remote code execution on the victim machine.
References