BIT-mlflow-2023-6976
Prototype Pollution vulnerability in mlflow (PyPI)

Type: Prototype Pollution | Known exploits: none

What is BIT-mlflow-2023-6976 About?

This vulnerability is a Prototype Pollution issue in Plotly.js (bundled by mlflow), allowing attacker-controlled input to manipulate object properties. It can lead to unpredictable application behavior or further attacks by injecting arbitrary data. Exploitation complexity is moderate, since specific plot API calls are required to trigger the pollution.

Affected Software

mlflow <2.9.2

Technical Details

The vulnerability resides in plotly.js (Plotly) versions before 2.25.2, specifically within the expandObjectPaths or nestedProperty functions. When processing plot API calls, these functions fail to adequately sanitize or validate input, allowing an attacker to inject __proto__ as a segment of the object path. Because __proto__ resolves through the prototype accessor rather than as an ordinary own property, the write lands on Object.prototype and consequently introduces or alters properties inherited by all JavaScript objects. By changing the constructor or other fundamental properties, an attacker can influence program logic or data structures across the application.
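The following is an added illustration, not plotly.js code and not the patched implementation: a minimal dotted-path setter of the kind the advisory describes, in a vulnerable form that trusts every path segment and a hardened form that rejects prototype-chain keys and only descends into own properties. The names setNestedUnsafe, setNestedSafe, FORBIDDEN_KEYS and demonstrate, and the paths passed to them, are constructed for this example.

```javascript
// Added example: a toy "a.b.c" path setter, vulnerable and hardened forms.
// Not plotly.js's own code; only dotted paths are handled (no array indices).

const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Vulnerable: a "__proto__" segment resolves to Object.prototype via the
// accessor, so the final assignment writes to the shared prototype.
function setNestedUnsafe(target, path, value) {
  const parts = path.split('.');
  let cur = target;
  for (let i = 0; i < parts.length - 1; i++) {
    if (cur[parts[i]] === undefined || cur[parts[i]] === null) cur[parts[i]] = {};
    cur = cur[parts[i]];
  }
  cur[parts[parts.length - 1]] = value;
  return target;
}

// Hardened: reject prototype-chain keys up front, and never walk into an
// inherited value; create a fresh plain container instead.
function setNestedSafe(target, path, value) {
  const parts = path.split('.');
  for (const p of parts) {
    if (FORBIDDEN_KEYS.has(p)) {
      throw new Error(`refusing prototype-chain key in path: ${p}`);
    }
  }
  let cur = target;
  for (let i = 0; i < parts.length - 1; i++) {
    const own = Object.prototype.hasOwnProperty.call(cur, parts[i]);
    if (!own || typeof cur[parts[i]] !== 'object' || cur[parts[i]] === null) {
      cur[parts[i]] = {};
    }
    cur = cur[parts[i]];
  }
  cur[parts[parts.length - 1]] = value;
  return target;
}

// Runs both setters against a constructed hostile path and a benign one,
// and reports what an unrelated fresh object inherits before and after.
function demonstrate() {
  const before = ({}).polluted;               // undefined on a clean runtime
  setNestedUnsafe({}, '__proto__.polluted', 'yes');
  const after = ({}).polluted;                // 'yes': every object inherits it
  delete Object.prototype.polluted;           // undo for the rest of the process

  let blocked = false;
  try {
    setNestedSafe({}, '__proto__.polluted', 'yes');
  } catch (e) {
    blocked = true;                           // hardened form refuses the path
  }
  const ok = setNestedSafe({}, 'layout.title.text', 'Hello');
  return { before, after, blocked, ok, cleanAfter: ({}).polluted };
}

module.exports = { FORBIDDEN_KEYS, setNestedUnsafe, setNestedSafe, demonstrate };
```

The key-name check is the cheap part; the own-property check matters too, because a setter that descends into inherited objects can be steered onto shared state through other paths. A useful runtime detector for the same class of bug is to assert at startup, and periodically, that a freshly created empty object has no enumerable keys.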

What is the Impact of BIT-mlflow-2023-6976?

Successful exploitation may allow attackers to alter application logic, inject arbitrary data, bypass security controls, or potentially achieve remote code execution in certain contexts.

What is the Exploitability of BIT-mlflow-2023-6976?

Exploitation of this prototype pollution vulnerability can be complex, requiring an understanding of the application's data structures and how plot API calls are processed. There are no specific authentication or privilege requirements to trigger the vulnerable code path, as it relies on malformed input to public-facing API calls. It can be exploited remotely by submitting specially crafted data. The primary risk factor is the application's reliance on the affected Plotly.js version and its direct exposure of plot API endpoints. Successful exploitation could depend on environmental factors and the attacker's ability to craft a payload that both triggers the pollution and leverages it meaningfully.

What are the Known Public Exploits?

No known exploits (no PoC, author, link or commentary listed).

What are the Available Fixes for BIT-mlflow-2023-6976?

Available Upgrade Options

  • mlflow
    • <2.9.2 → Upgrade to 2.9.2


Additional Resources

What are Similar Vulnerabilities to BIT-mlflow-2023-6976?

Similar Vulnerabilities: CVE-2020-28280, CVE-2021-23337, CVE-2021-23425, CVE-2021-39130, CVE-2021-39131