CVE-2024-37060

8.8 HIGH

📋 TL;DR

This vulnerability in MLflow allows remote code execution when deserializing untrusted data from malicious Recipes. It affects MLflow versions 1.27.0 and newer, putting users who run untrusted MLflow Recipes at risk of complete system compromise.

💻 Affected Systems

Products:
  • MLflow
Versions: 1.27.0 and newer
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable when running MLflow Recipes from untrusted sources. Standard MLflow tracking/server usage without Recipes may not be affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining the same privileges as the MLflow process, potentially leading to data theft, lateral movement, or ransomware deployment.

🟠 Likely Case

Attacker executes arbitrary code within the MLflow environment, potentially stealing model data, credentials, or using the system for cryptocurrency mining.

🟢 If Mitigated

Limited impact if only trusted Recipes are executed and proper network segmentation is in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the victim to run a malicious Recipe. No authentication bypass is needed beyond tricking a user into running the Recipe.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.30.0

Vendor Advisory: https://hiddenlayer.com/sai-security-advisory/mlflow-june2024

Restart Required: Yes

Instructions:

1. Upgrade MLflow to version 1.30.0 or newer using pip: pip install --upgrade "mlflow>=1.30.0"
2. Restart all MLflow services and processes.

🔧 Temporary Workarounds

Disable Recipe Execution (Platform: all)

Prevent execution of MLflow Recipes entirely:

export MLFLOW_DISABLE_RECIPES=1

Sandbox Recipe Execution (Platform: linux)

Run MLflow in an isolated container with limited privileges:

docker run --read-only --cap-drop=ALL -v /safe/path:/data mlflow

🧯 If You Can't Patch

  • Only run Recipes from trusted, verified sources
  • Implement strict network segmentation for MLflow instances

🔍 How to Verify

Check if Vulnerable:

Check the MLflow version with 'mlflow --version' or 'pip show mlflow'. If the version is between 1.27.0 and 1.29.x, you are vulnerable.

Check Version:

mlflow --version

Verify Fix Applied:

Verify version is 1.30.0 or newer: 'mlflow --version' should show 1.30.0+
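The version check above as a script that can be run across many hosts or environments. This is an added example, not part of the advisory or of MLflow; the two boundary versions are the ones this page states, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify an MLflow version string against the range given on
# this page. Function names are hypothetical, not part of MLflow.
AFFECTED_FROM=1.27.0   # first affected version, per this page
PATCHED_IN=1.30.0      # patch version, per this page

# Pull the numeric X.Y[.Z] core out of strings such as
# "mlflow, version 1.28.0", "Version: 1.29.2" or "1.29.0.dev0".
normalize_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+(\.[0-9]+)?' | head -n 1
}

# Return 0 if version $1 >= version $2, comparing major, minor and patch
# numerically (a missing component counts as 0).
version_ge() {
    a=$1
    b=$2
    for i in 1 2 3; do
        x=${a%%.*}
        y=${b%%.*}
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
        case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
    done
    return 0
}

# Print patched, vulnerable, not-affected or unknown for a version string.
classify_mlflow() {
    v=$(normalize_version "$1")
    if [ -z "$v" ]; then
        echo unknown
        return 2
    fi
    if version_ge "$v" "$PATCHED_IN"; then
        echo patched
    elif version_ge "$v" "$AFFECTED_FROM"; then
        echo vulnerable
    else
        echo not-affected
    fi
}

# Pass --installed to classify the MLflow found on this host.
if [ "${1:-}" = "--installed" ]; then
    classify_mlflow "$(mlflow --version 2>/dev/null)"
fi
```

An "unknown" result means no version string could be read, for example because MLflow is not on the PATH of the environment being checked.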

📡 Detection & Monitoring

Log Indicators:

  • Unexpected Recipe execution
  • Suspicious process spawning from MLflow
  • Deserialization errors in MLflow logs

Network Indicators:

  • Unexpected outbound connections from MLflow process
  • Downloads from untrusted Recipe sources

SIEM Query:

process_name:mlflow AND (process_spawn:* OR network_connection:*)
