Weichenxu123

**Name of the Vulnerable Software and Affected Versions** MLflow (affected versions not specified) **Description** The issue concerns excessive directory permissions in MLflow, which can lead to local privilege escalation when using `spark udf`. This behavior can be exploited by a local attacker to gain elevated permissions by using a Time-of-Check-to-Time-of-Use (ToCToU) attack. The issue is only relevant when the `spark udf()` MLflow API is called. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.