AVID-2026-R1442

Description

Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. (CVE-2024-27133)

Details

Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from a lack of sanitization of dataset table fields.
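The class of flaw described above, shown as an added illustration that is not MLflow's code and not taken from the advisory: a dataset preview rendered to HTML with and without escaping of headers and cells. The function names and sample rows are assumptions constructed for this example.

```python
import html

# Constructed sample rows standing in for an untrusted dataset (not from the advisory).
UNTRUSTED_ROWS = [
    {"id": "1", "comment": "ok"},
    {"id": "2", "comment": "<img src=x onerror=alert(1)>"},
    {"<b>col</b>": "3", "comment": "a & b"},
]


def _columns(rows):
    # Union of keys across rows, sorted for stable output.
    return sorted({col for row in rows for col in row})


def _table(rows, fmt):
    # Build the preview table, passing every header and cell through fmt.
    cols = _columns(rows)
    head = "".join(f"<th>{fmt(c)}</th>" for c in cols)
    body = "".join(
        "<tr>" + "".join(f"<td>{fmt(r.get(c, ''))}</td>" for c in cols) + "</tr>"
        for r in rows
    )
    return f"<table><tr>{head}</tr>{body}</table>"


def render_preview_unsafe(rows):
    # Vulnerable pattern: dataset text is placed into markup verbatim.
    return _table(rows, str)


def render_preview_safe(rows):
    # Hardened pattern: HTML-escape headers and cells (including quotes).
    return _table(rows, lambda v: html.escape(str(v), quote=True))


def carries_raw_markup(rendered, rows):
    # Check: does any dataset string containing '<' survive unescaped?
    values = {str(v) for r in rows for kv in r.items() for v in kv}
    return any("<" in v and v in rendered for v in values)


if __name__ == "__main__":
    print(carries_raw_markup(render_preview_unsafe(UNTRUSTED_ROWS), UNTRUSTED_ROWS))
    print(carries_raw_markup(render_preview_safe(UNTRUSTED_ROWS), UNTRUSTED_ROWS))
```

Column names are escaped as well as cell values, since both come from the dataset file.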

Reason for inclusion in AVID: The CVE-2024-27133 entry describes an insufficient sanitization in MLflow causing cross-site scripting (XSS) and a potential client-side RCE when running a recipe with an untrusted dataset. MLflow is a widely used AI tooling/component in ML pipelines, experimentation, and deployment workflows. This vulnerability impacts software used to build/train/package/deploy AI systems, i.e., a software supply-chain component in the general-purpose AI stack, rather than hardware/firmware. The CVE provides explicit vulnerability behavior (XSS/RCE) and references, supporting evaluation as a security vulnerability in the AI software supply chain.

References

Affected or Relevant Artifacts

  • Developer: Unknown
  • Deployer: Unknown
  • Artifact Details:
      • Type: System
      • Name: Unknown System

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

  • Version: 3.1
  • Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Base Score: 7.5
  • Base Severity: 🔴 High
  • Attack Vector: NETWORK
  • Attack Complexity: 🔴 High
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: 🔴 High
  • Integrity Impact: 🔴 High
  • Availability Impact: 🔴 High

CWE

  • ID: CWE-79
  • Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2024-02-23
  • Version: 0.3.3
  • AVID Entry