Members of the artificial intelligence (AI) and machine learning (ML) bug bounty platform Huntr have discovered several serious flaws in well-known programs like MLflow, ClearML, and Hugging Face during the last month.
The four most severe issues identified in MLflow, a platform for streamlining ML development that provides a set of APIs supporting existing ML applications and libraries, have a CVSS score of 10. One of the issues, CVE-2023-6831, is described as a path traversal bug originating in the deletion of artifacts.
It is an operation in which the path is normalized before being used, allowing an attacker to bypass validation checks and delete any file on the server.
Read More: Critical Vulnerabilities Found in Open Source AI/ML Platforms
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.