[BUG]

[sylvesterhuerta]

Issues Policy acknowledgement

• [X] I have read and agree to submit bug reports in accordance with the issues policy

Where did you encounter this bug?

Databricks

Willingness to contribute

Yes. I would be willing to contribute a fix for this bug with guidance from the MLflow community.

MLflow version

Mlflow version 2.11.3

System information

• OS Platform and Distribution (e.g., Linux Ubuntu 16.04): Linux
• Python version: 3.8

Describe the problem

We are using mlflow as part of our project to keep track of our experiments and artifacts. However, there are some vulnerabilities present with the mlflow version we are using (2.11.3). Is there any upcoming plans or releases to address these vulnerabilities?

1. CVE-2024-1560
2. CVE-2024-1594
3. CVE-2024-1558
4. CVE-2024-3848
5. CVE-2024-4263

We would love to continue using mlflow within our project. If you are not the correct contact for this area, could you please advise who to reach out.

Tracking information

REPLACE_ME

Code to reproduce issue

N/A

Stack trace

N/A

Other info / logs

N/A

What component(s) does this bug affect?

• [X] area/artifacts: Artifact stores and artifact logging
• [X] area/build: Build and test infrastructure for MLflow
• [X] area/deployments: MLflow Deployments client APIs, server, and third-party Deployments integrations
• [ ] area/docs: MLflow documentation pages
• [ ] area/examples: Example code
• [X] area/model-registry: Model Registry service, APIs, and the fluent client calls for Model Registry
• [ ] area/models: MLmodel format, model serialization/deserialization, flavors
• [ ] area/recipes: Recipes, Recipe APIs, Recipe configs, Recipe Templates
• [ ] area/projects: MLproject format, project running backends
• [X] area/scoring: MLflow Model server, model deployment tools, Spark UDFs
• [X] area/server-infra: MLflow Tracking server backend
• [X] area/tracking: Tracking Service, tracking client APIs, autologging

What interface(s) does this bug affect?

• [X] area/uiux: Front-end, user experience, plotting, JavaScript, JavaScript dev server
• [X] area/docker: Docker use across MLflow's components, such as MLflow Projects and MLflow Models
• [X] area/sqlalchemy: Use of SQLAlchemy in the Tracking Service or Model Registry
• [ ] area/windows: Windows support

What language(s) does this bug affect?

• [ ] language/r: R APIs and clients
• [ ] language/java: Java APIs and clients
• [ ] language/new: Proposals for new client languages

What integration(s) does this bug affect?

• [ ] integrations/azure: Azure and Azure ML integrations
• [ ] integrations/sagemaker: SageMaker integrations
• [ ] integrations/databricks: Databricks integrations

[daniellok-db]

Would it be possible to upgrade your version of MLflow? We've been patching these vulnerabilities over the past few months, and they should all be outdated in the most recent version.

If you're using a databricks notebook, you can upgrade by running %pip install -U mlflow in a notebook cell.

[sylvesterhuerta]

Hi Daniel, Thank you for your reply. In our team, we use Snyk as part of vulnerability assessment. According to Snyk, there is no upgrade or patch available for the following vulnerabilities. Is this assessment accurate? https://security.snyk.io/vuln/SNYK-PYTHON-MLFLOW-6615820 https://security.snyk.io/vuln/SNYK-PYTHON-MLFLOW-7210300 https://security.snyk.io/vuln/SNYK-PYTHON-MLFLOW-7210309 https://security.snyk.io/vuln/SNYK-PYTHON-MLFLOW-7210311 https://security.snyk.io/vuln/SNYK-PYTHON-MLFLOW-7210331 https://security.snyk.io/vuln/SNYK-PYTHON-MLFLOW-7210332 https://security.snyk.io/vuln/SNYK-PYTHON-MLFLOW-7210333 https://security.snyk.io/vuln/SNYK-PYTHON-MLFLOW-7210334 https://security.snyk.io/vuln/SNYK-PYTHON-MLFLOW-7210335 https://security.snyk.io/vuln/SNYK-PYTHON-MLFLOW-7210336

On Tuesday, July 2, 2024, 7:43 AM, Daniel Lok @.***> wrote:

Would it be possible to upgrade your version of MLflow? We've been patching these vulnerabilities over the past few months, and they should all be outdated in the most recent version.

If you're using a databricks notebook, you can upgrade by running %pip install -U mlflow in a notebook cell.

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>

[daniellok-db]

All the CVEs related to deserialization of untrusted data come from our use of pickle to store models, which is a common practice in other ML frameworks (e.g. PyTorch). MLflow is meant to be run in an authenticated environment, so you shouldn't have untrusted people uploading malicious files to your servers.

The path traversal vulnerability has been patched as far as i know. In fact, the path from the CVE (URL-encoded dots) is explicitly a test case in our test suite:

https://github.com/mlflow/mlflow/blob/b189477dd03f8c76c3e9176749f46fb7842f0821/tests/utils/test_uri.py#L798

[github-actions[bot]]

@mlflow/mlflow-team Please assign a maintainer and start triaging this issue.

[MattiasDC]

Hi @daniellok-db, the path traversal vulnerability is still in the vulnerability databases marked as 'not fixed'. E.g.

• https://nvd.nist.gov/vuln/detail/CVE-2024-1594
• https://nvd.nist.gov/vuln/detail/CVE-2024-1560
• https://nvd.nist.gov/vuln/detail/CVE-2024-1593