CGA-3f38-vqc4-r77r
Deserialization of Untrusted Data vulnerability in mlflow (PyPI)
What is CGA-3f38-vqc4-r77r About?
This vulnerability in MLflow allows arbitrary code execution through deserialization of untrusted data when a user interacts with a maliciously uploaded scikit-learn model. Attackers can execute arbitrary code on an end user's system, leading to full system compromise. Exploitation depends on an end user interacting with the malicious model.
Affected Software
Technical Details
The MLflow platform, specifically versions 1.1.0 or newer, is susceptible to deserialization of untrusted data when handling scikit-learn models. An attacker can craft and upload a malicious scikit-learn model containing serialized arbitrary code. When an end user or an automated system interacts with this maliciously crafted model (e.g., loading it for inference or inspection), the deserialization process will execute the embedded arbitrary code. This can lead to remote code execution (RCE) on the system where the model is being loaded and processed.
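One way to triage a downloaded model artifact before anything unpickles it, as an added example that is not MLflow's code or part of the original advisory: it lists the globals a pickle stream would import and flags those outside an allowlist. It relies on the scikit-learn flavor storing the model as a pickle (or cloudpickle) file; the allowlist, function names and sample bytes are constructed for illustration.

```python
import collections
import pickle
import pickletools

# Assumed allowlist of top-level packages a scikit-learn pickle may import from.
# Illustrative only: a production list should pin exact module.name pairs.
ALLOWED_PACKAGES = {"sklearn", "numpy", "scipy"}


def imported_globals(data: bytes) -> list[tuple[str, str]]:
    """Return the (module, name) pairs a pickle stream would import."""
    # pickletools.genops only decodes opcodes; it never imports or calls
    # anything, so it can be run on an untrusted file.
    found, recent, memo = [], [], {}
    for op, arg, _pos in pickletools.genops(data):
        top = recent[-1] if recent else None
        if op.name == "MEMOIZE":
            memo[len(memo)] = top
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = top
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            recent.append(memo.get(arg))
        elif "UNICODE" in op.name or "STRING" in op.name:
            recent.append(arg)
        elif op.name != "FRAME":
            if op.name in ("GLOBAL", "INST"):
                found.append(tuple(arg.split(" ", 1)))  # arg is "module name"
            elif op.name == "STACK_GLOBAL":
                pair = tuple(recent[-2:])  # module and name pushed as strings
                ok = len(pair) == 2 and all(isinstance(s, str) for s in pair)
                found.append(pair if ok else ("?", "?"))
            recent = []  # any other opcode breaks the run of string pushes
    return found


def disallowed(data: bytes) -> list[tuple[str, str]]:
    """Globals outside the allowlist; unresolved ones ("?") are flagged too."""
    return [g for g in imported_globals(data)
            if g[0].split(".")[0] not in ALLOWED_PACKAGES]


# Constructed samples (benign): a hand-written protocol 0 stream that only
# names numpy.ndarray, and a pickle of a stdlib object outside the allowlist.
SAMPLE_ALLOWED = b"cnumpy\nndarray\n."
SAMPLE_FLAGGED = pickle.dumps(collections.OrderedDict(a=1), protocol=4)

if __name__ == "__main__":
    for label, blob in (("allowed", SAMPLE_ALLOWED), ("flagged", SAMPLE_FLAGGED)):
        print(label, imported_globals(blob), "->", disallowed(blob) or "clean")
```

A clean result narrows risk but does not prove a file safe, since allowlisted packages can still expose callable gadgets; loading should stay in an isolated, low-privilege environment.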
What is the Impact of CGA-3f38-vqc4-r77r?
Successful exploitation may allow attackers to execute arbitrary code with the privileges of the system interacting with the model, leading to system compromise, data theft, or denial of service.
What is the Exploitability of CGA-3f38-vqc4-r77r?
Exploitation requires an attacker to first upload a malicious scikit-learn model to the MLflow platform. The complexity is moderate, as it relies on a victim (an end user or an automated process) interacting with the malicious model. There are no direct authentication or privilege requirements for the deserialization aspect itself, but uploading the model usually requires some form of authentication to the MLflow platform. The exploitation is typically local to the machine interacting with the model, but the initial model upload can be remote. Key risk factors include MLflow instances exposed to untrusted model submissions and users unaware of the risks of loading models from unknown sources.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CGA-3f38-vqc4-r77r?
Available Upgrade Options
- No fixes available
Additional Resources
What are Similar Vulnerabilities to CGA-3f38-vqc4-r77r?
Similar Vulnerabilities: CVE-2024-3568, CVE-2024-37055, CVE-2023-38646, CVE-2023-23943, CVE-2022-21699
