MLflow has emerged as the most vulnerable open source machine learning framework, with four highly critical (CVSS 10) vulnerabilities reported within 50 days, according to a Protect AI report.
Protect AI's AI/ML bug bounty program, hunter AI, discovered these vulnerabilities in the MLflow platform. They can allow Remote Code Execution (RCE), Arbitrary File Overwrite, and Local File Inclusion, which in turn could lead to system takeover, sensitive information loss, denial of service, and destruction of data, according to Protect AI.
“The report includes four critical flaws found in MLflow, the popular open-source platform used by practitioners to manage various stages of a machine learning project, including experimentation, reproducibility, deployment, and a central model registry,” Protect AI said.
Alongside less widely adopted alternatives such as Amazon SageMaker, Neptune, Comet, and Kubeflow, MLflow is a widely popular machine learning lifecycle platform with more than 10 million monthly downloads and a rich user community that includes Facebook, Databricks, Microsoft, Accenture, and Booking.com.
hunter AI traced RCE-heavy vulnerabilities
Tracked as CVE-2024-0520, the latest vulnerability revealed by hunter AI is a path traversal flaw in the code used to pull down remote data storage. The flaw can be used for a remote code execution (RCE) attack by fooling a user into using a malicious remote data source that can execute commands on the user’s behalf.
The affected code is native to the MLflow.data module, published in the PyPI registry, which is used to keep a record of model training and evaluation datasets. The bug, which was fixed in the latest release of MLflow, has no known active exploitation.
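The flaw described above is a path traversal in code that fetches remote data: a malicious remote source supplies file paths that, once joined to the local download directory, escape it and overwrite files elsewhere on the user's machine. The following is an added, illustrative defensive check and not MLflow's code or its actual fix. It shows the generic mitigation for this class of bug: every path taken from an untrusted remote source is resolved against the intended destination directory and rejected if it lands outside it. The base directory name and the manifest entries are constructed for the example.

```python
import os
import tempfile


class PathTraversalError(ValueError):
    """Raised when a remote-supplied path would escape the download directory."""


def safe_destination(base_dir: str, remote_relative_path: str) -> str:
    """Return the absolute local path for a remote-supplied relative path,
    or raise PathTraversalError if it would resolve outside base_dir.

    realpath() normalises '..' segments and follows symlinks, so the check is
    made on the path the OS would actually write to, not on the raw string.
    """
    base = os.path.realpath(base_dir)

    # Absolute paths from a remote manifest are never legitimate here.
    if os.path.isabs(remote_relative_path) or remote_relative_path.startswith("/"):
        raise PathTraversalError(f"absolute path rejected: {remote_relative_path!r}")

    candidate = os.path.realpath(os.path.join(base, remote_relative_path))

    # Accept only paths that are strictly inside base (not base itself, not a sibling
    # whose name merely shares the prefix, e.g. /data/downloads-evil).
    if not candidate.startswith(base + os.sep):
        raise PathTraversalError(
            f"path {remote_relative_path!r} resolves to {candidate}, outside {base}"
        )
    return candidate


def vet_manifest(base_dir: str, entries: list[str]) -> dict[str, str]:
    """Classify each manifest entry as 'accepted' or 'rejected' before any
    file is written, so a single bad entry cannot slip through mid-download."""
    verdicts = {}
    for entry in entries:
        try:
            safe_destination(base_dir, entry)
            verdicts[entry] = "accepted"
        except PathTraversalError:
            verdicts[entry] = "rejected"
    return verdicts


# Constructed sample: a dataset manifest as an untrusted remote source might serve it.
SAMPLE_BASE_DIR = os.path.join(tempfile.gettempdir(), "downloaded-datasets")  # assumed location
SAMPLE_MANIFEST = [
    "train/data.csv",                 # normal entry
    "train/../eval.csv",              # normalises to base/eval.csv, still inside
    "../../etc/cron.d/job",           # classic traversal out of the download dir
    "/etc/passwd",                    # absolute path
    "train/../../escaped.txt",        # traversal hidden behind a valid prefix
]

if __name__ == "__main__":
    for entry, verdict in vet_manifest(SAMPLE_BASE_DIR, SAMPLE_MANIFEST).items():
        print(f"{verdict:8s} {entry}")
```

The decisive design choice is checking the resolved path rather than scanning the input for `..`: encoded or symlinked variants defeat string filters, but they cannot change where `realpath()` says the write will land. Rejecting a whole manifest on the first bad entry, before any write, also avoids a partial download that has already overwritten something.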