CVE-2024-37056
Deserialization of Untrusted Data vulnerability in mlflow (PyPI)
What is CVE-2024-37056 About?
MLflow platform versions 1.23.0 or newer are susceptible to deserialization of untrusted data, enabling arbitrary code execution through a malicious LightGBM scikit-learn model. Attackers can run code on an end user's system when the crafted model is interacted with. Exploitation requires uploading a specially crafted model artifact and subsequent user action.
Affected Software
Technical Details
This is a 'Deserialization of Untrusted Data' vulnerability affecting MLflow versions 1.23.0 and newer, specifically in the handling of LightGBM scikit-learn models. MLflow lets users store and load machine learning models. An attacker can craft a malicious LightGBM scikit-learn model whose serialized form embeds arbitrary code or chains vulnerable deserialization gadgets. When this specially prepared model is uploaded to MLflow and then loaded or invoked by an end user or an automated process on the platform, the deserialization routine for the model executes the malicious code. Execution typically occurs with the permissions of the MLflow server process or of the user interacting with the model.
What is the Impact of CVE-2024-37056?
Successful exploitation may allow attackers to execute arbitrary code on the end user's or server's system with the privileges of the process interacting with the model, leading to system compromise, sensitive data exposure, or application disruption.
What is the Exploitability of CVE-2024-37056?
Exploitation of this vulnerability is of moderate complexity. It requires the attacker to upload a specially crafted LightGBM scikit-learn model, which likely demands an authenticated session on the MLflow platform or a prior vulnerability to bypass authentication. After the model is uploaded, a subsequent user interaction (e.g., loading, running inference, or viewing details) with the malicious model is necessary to trigger the deserialization and arbitrary code execution. This can manifest as a remote or local attack depending on how users interact with MLflow. Authentication is required to upload the model, but subsequent exploitation might not require additional authentication. Privilege levels depend on the execution environment of the model. Risk factors include MLflow environments that accept models from untrusted sources or have inadequate validation and sandboxing for persisted model artifacts.
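One way to act on the 'inadequate validation' risk factor above, as an added example that is not part of this advisory or of MLflow's own code: before any load, walk a pickled model artifact's opcode stream with pickletools, list every global it would import, and refuse the artifact if anything falls outside an allowlist. It assumes the artifact is a plain Python pickle file; the allowlist, the benign sample and the ConstructedSample class are constructed for this illustration.

```python
import os
import pickle
import pickletools
from collections import ChainMap, Counter
# Assumed allowlist; tune it to your artifacts, never add os or builtins wholesale.
ALLOWED_TOP_MODULES = {"lightgbm", "numpy", "sklearn", "scipy", "collections", "copyreg", "_codecs"}
# Opcodes that push a str onto the unpickler stack (STACK_GLOBAL operands).
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}

def referenced_globals(data: bytes) -> list:
    """List every (module, name) the stream would import, without executing it.
    STACK_GLOBAL (protocol 4+) pops its operands, so str pushes and memo are tracked."""
    found, strings, memo, top = [], [], {}, None
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            top = arg
            strings.append(arg)
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            top = memo.get(arg)
            if isinstance(top, str):
                strings.append(top)
        elif op.name in ("MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"):  # MEMOIZE index = memo size
            memo[len(memo) if op.name == "MEMOIZE" else arg] = top
        elif op.name == "GLOBAL":                      # inline operand "module name"
            found.append(tuple(arg.split(" ", 1)))
            top = None
        elif op.name == "STACK_GLOBAL":                # pops name, then module
            name, module = strings.pop(), strings.pop()
            found.append((module, name))
            top = None
        elif op.name not in ("PROTO", "FRAME"):
            top = None                                 # a non-str value is now on top
    return found

def unsafe_globals(data: bytes) -> list:
    """Referenced globals outside the allowlist; a non-empty result means do not load."""
    return [(m, n) for m, n in referenced_globals(data)
            if m.partition(".")[0] not in ALLOWED_TOP_MODULES]

class ConstructedSample:
    # Constructed stand-in for a tampered artifact: loading it would call os.getenv
    # (harmless here, but the same mechanism runs any callable the author chose).
    def __reduce__(self):
        return (os.getenv, ("HOME",))

def scan_samples(protocol: int = pickle.HIGHEST_PROTOCOL) -> tuple:
    """Return (benign imports, benign unsafe, tampered unsafe) at one pickle protocol."""
    benign = pickle.dumps([Counter(leaf=3), ChainMap({})], protocol=protocol)
    tampered = pickle.dumps(ConstructedSample(), protocol=protocol)
    return referenced_globals(benign), unsafe_globals(benign), unsafe_globals(tampered)
```

The opcode walk is a triage check that never unpickles anything; it does not replace loading models only from trusted sources in a sandboxed process.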
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2024-37056?
Available Upgrade Options
- No fixes available
What are Similar Vulnerabilities to CVE-2024-37056?
Similar Vulnerabilities: CVE-2024-37057, CVE-2023-28434, CVE-2022-25648, CVE-2021-39145, CVE-2020-14287
