Critical security vulnerabilities have been identified in several prominent open-source machine learning frameworks, including MLflow, H2O, PyTorch, and MLeap. These flaws, uncovered by JFrog security researchers, could enable malicious code execution and pose significant risks to organizations using these tools.
Key Vulnerabilities:
1. MLflow (CVE-2024-27132)
– Severity: 7.2 CVSS score
– Issue: Insufficient sanitization leading to cross-site scripting attacks
– Impact: Potential client-side remote code execution via untrusted recipes in Jupyter Notebook
2. H2O (CVE-2024-6960)
– Severity: 7.5 CVSS score
– Issue: Unsafe deserialization when importing untrusted ML models
– Impact: Remote code execution risk
3. PyTorch
– Issue: Path traversal vulnerability in TorchScript
– Impact: Possible denial-of-service or code execution through arbitrary file overwrite
4. MLeap (CVE-2023-5245)
– Severity: 7.5 CVSS score
– Issue: Path traversal vulnerability in model loading
– Impact: Zip Slip vulnerability enabling arbitrary file overwrite
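Both the PyTorch (TorchScript) and MLeap entries above describe the same bug class: a model archive whose member names contain `..` or an absolute path is written outside the directory the loader intended. The following is an added example, not code from JFrog or from any of the named projects, showing how a loader can refuse such archives: every member name is resolved against the extraction root and rejected if it escapes, and the whole archive is validated before a single byte is written so a hostile entry late in the archive cannot leave a partially written model behind. The archive contents and the `models/` destination are constructed for the demonstration.

```python
"""Zip Slip-safe extraction of a model archive (added example, not project code)."""
from __future__ import annotations

import io
import shutil
import tempfile
import zipfile
from pathlib import Path, PurePosixPath


class UnsafeArchiveEntry(ValueError):
    """Raised when an archive member would land outside the extraction root."""


def resolve_member(dest_root: Path, member_name: str) -> Path:
    """Return the on-disk path for `member_name`, or raise if it escapes `dest_root`.

    Two layers of checking: a syntactic one on the archive name (zip names use
    '/' separators) and a semantic one on the fully resolved path, so that
    symlinked parent directories are caught as well as '..' segments."""
    root = dest_root.resolve()
    pure = PurePosixPath(member_name)
    if pure.is_absolute() or ".." in pure.parts:
        raise UnsafeArchiveEntry(f"archive entry escapes extraction root: {member_name!r}")
    candidate = (root / pure).resolve()
    if candidate != root and root not in candidate.parents:
        raise UnsafeArchiveEntry(f"archive entry escapes extraction root: {member_name!r}")
    return candidate


def is_safe_member(dest_root: Path, member_name: str) -> bool:
    """Boolean form of resolve_member, convenient for pre-flight checks."""
    try:
        resolve_member(dest_root, member_name)
    except UnsafeArchiveEntry:
        return False
    return True


def extract_model_archive(archive_bytes: bytes, dest_root: Path) -> list[Path]:
    """Extract an in-memory zip under `dest_root`, returning the files written.

    All members are validated first; nothing is written if any member is unsafe."""
    dest_root.mkdir(parents=True, exist_ok=True)
    written: list[Path] = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        # Validate the entire member list before touching the filesystem.
        targets = [(info, resolve_member(dest_root, info.filename)) for info in zf.infolist()]
        for info, target in targets:
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                shutil.copyfileobj(src, dst)
            written.append(target)
    return written


def build_archive(entries: dict[str, bytes]) -> bytes:
    """Build a zip in memory from {member_name: data} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def demo() -> dict:
    """Extract a benign archive, then show a traversal archive being refused."""
    benign = build_archive({"model/weights.bin": b"\x00" * 16, "model/metadata.json": b"{}"})
    # Constructed hostile archive: one normal member plus one that climbs out of the root.
    hostile = build_archive({"model/weights.bin": b"\x00", "../outside.txt": b"written outside"})
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "models"
        extracted = extract_model_archive(benign, root)
        names = sorted(p.relative_to(root).as_posix() for p in extracted)
        try:
            extract_model_archive(hostile, root)
            rejected = False
        except UnsafeArchiveEntry:
            rejected = True
        outside_written = (Path(tmp) / "outside.txt").exists()
    return {"extracted": names, "traversal_rejected": rejected, "outside_written": outside_written}


if __name__ == "__main__":
    print(demo())
```

Note that `zipfile.ZipFile.extract` already sanitizes names on extraction; the check above matters for loaders that open members themselves and build output paths by string concatenation, which is where the Zip Slip pattern typically arises.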
Security Implications:
– Compromised ML clients can facilitate lateral movement within organizations
– Potential exposure of sensitive model registry credentials
– Risk of ML model backdooring
– Even “safe” model formats like Safetensors can be vulnerable
Researchers emphasize the importance of careful validation of ML models, regardless of their source or format, to prevent potential security breaches and unauthorized code execution.
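One concrete form of the validation the researchers call for is to never hand a downloaded model file to a general-purpose deserializer. The H2O entry above is the unsafe-deserialization pattern: a standard `pickle.load` will import and instantiate any global named in the stream. The example below is added here and is not H2O's, PyTorch's, or JFrog's code; it is a Python loader that resolves only an explicit allowlist of types and rejects everything else before any object is constructed. The allowlist and the sample payloads are constructed for the demonstration.

```python
"""Allowlist-based unpickling for model state (added example, not project code)."""
import io
import pickle
from collections import Counter, OrderedDict

# Assumed allowlist for a plain state dict; a real loader would extend this
# with exactly the tensor/array types its framework needs and nothing more.
ALLOWED_GLOBALS = {
    ("builtins", "dict"),
    ("builtins", "list"),
    ("builtins", "tuple"),
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
}


class UnsafeModelPayload(pickle.UnpicklingError):
    """Raised when the stream references a global outside the allowlist."""


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any (module, name) not explicitly allowed.

    find_class is the single hook through which pickle imports callables, so
    gating it is enough to stop the stream from reaching arbitrary code."""

    def find_class(self, module: str, name: str):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise UnsafeModelPayload(f"refusing to resolve {module}.{name} from model file")


def load_model_state(data: bytes) -> dict:
    """Load a state-dict-style payload, rejecting unexpected types or shapes."""
    obj = RestrictedUnpickler(io.BytesIO(data)).load()
    if not isinstance(obj, dict):
        raise UnsafeModelPayload(f"expected a mapping of parameters, got {type(obj).__name__}")
    return obj


def check_payload(data: bytes) -> bool:
    """True if the payload loads under the restricted unpickler, else False."""
    try:
        load_model_state(data)
    except UnsafeModelPayload:
        return False
    return True


def demo() -> dict:
    """Load a constructed benign state dict, then refuse a stream naming a type
    outside the allowlist (collections.Counter stands in for any unexpected
    callable a standard unpickler would happily import)."""
    benign = pickle.dumps(OrderedDict([("fc.weight", [0.5, -0.25]), ("fc.bias", [0.0])]))
    unexpected = pickle.dumps(Counter({"fc.weight": 1}))
    loaded = load_model_state(benign)
    return {
        "keys": list(loaded),
        "unexpected_rejected": not check_payload(unexpected),
        "plain_pickle_accepts_it": isinstance(pickle.loads(unexpected), Counter),
    }


if __name__ == "__main__":
    print(demo())
```

The contrast in `demo` is the point: the standard loader accepts the second stream without complaint, while the restricted loader fails closed. The same allowlist idea applies to any framework that persists models through a native serializer; the page's note that even formats marketed as safe need validation is a reminder that the format alone is not the control.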