Vulnerabilities > Lfprojects > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-20 | CVE-2024-6838 | Unspecified vulnerability in Lfprojects Mlflow 2.13.2 In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. | 5.3 |
| 2025-03-20 | CVE-2025-1474 | Weak Password Requirements vulnerability in Lfprojects Mlflow In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. | 5.5 |
| 2024-06-06 | CVE-2024-3099 | Unspecified vulnerability in Lfprojects Mlflow A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. | 5.4 |
| 2024-05-16 | CVE-2024-4263 | Unspecified vulnerability in Lfprojects Mlflow A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. | 5.4 |
| 2023-12-07 | CVE-2023-6568 | Cross-site Scripting vulnerability in Lfprojects Mlflow A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. | 6.1 |