PT-2024-21666 · Mlflow · Mlflow

Uriya Yavnieli · Published 2024-02-23 · Updated 2025-01-22

CVE-2024-27133 · CVSS v3.1 9.6 Critical
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
MLflow does not sanitize dataset table fields before rendering them, so running an MLflow Recipe against an untrusted dataset lets attacker-controlled field contents reach the rendered output as live markup (XSS). When the recipe is run inside Jupyter Notebook, the injected script executes in the notebook page's origin, where it can talk to the connected kernel, so the XSS escalates to code execution on the client running the notebook. An exploit for this issue is available. Exploitation requires a victim to run a recipe over an attacker-supplied dataset, which is why the CVSS vector carries UI:R; the scope change (S:C) reflects the jump from rendered output into the notebook kernel. This advisory does not list affected or fixed MLflow versions; check the related GHSA and PYSEC advisories below for the version range before triaging.
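The rendering pattern behind this class of bug, as an added illustrative example that is not MLflow's code: a dataset table is turned into HTML for display in a notebook, once by interpolating field values verbatim (the vulnerable form) and once by escaping every header and cell (the hardened form). The function names, the `foreign_tags` check and the sample rows are assumptions constructed for this example.

```python
# Added illustrative example, not MLflow's code: the rendering pattern behind
# an unsanitized "dataset table field", and the escaped form that closes it.
# Function and sample names are assumptions made for this example.
import html
import re

# Constructed sample rows standing in for an untrusted dataset. Row 2 carries
# an HTML payload in a field an attacker controls.
SAMPLE_COLUMNS = ["id", "review"]
SAMPLE_ROWS = [
    {"id": 1, "review": "great product"},
    {"id": 2, "review": '<img src=x onerror="alert(document.domain)">'},
]


def _table(cells_head, rows_body):
    return f"<table><thead><tr>{cells_head}</tr></thead><tbody>{rows_body}</tbody></table>"


def render_table_unsafe(columns, rows):
    """Vulnerable pattern: headers and cells are interpolated into HTML verbatim.

    Shown in a notebook (for example through IPython.display.HTML), the payload
    in row 2 becomes live markup, and its onerror handler runs as script in the
    notebook page's origin.
    """
    head = "".join(f"<th>{c}</th>" for c in columns)
    body = "".join(
        "<tr>" + "".join(f"<td>{row[c]}</td>" for c in columns) + "</tr>"
        for row in rows
    )
    return _table(head, body)


def render_table_safe(columns, rows):
    """Hardened form: every header and cell value passes through html.escape.

    quote=True also escapes " and ', so a value cannot break out of an
    attribute even if the template later puts it inside one.
    """
    def esc(value):
        return html.escape(str(value), quote=True)

    head = "".join(f"<th>{esc(c)}</th>" for c in columns)
    body = "".join(
        "<tr>" + "".join(f"<td>{esc(row[c])}</td>" for c in columns) + "</tr>"
        for row in rows
    )
    return _table(head, body)


# Tags the renderer itself emits; anything else in the output came from the data.
_OWN_TAGS = {"table", "thead", "tbody", "tr", "th", "td"}
_TAG_RE = re.compile(r"</?\s*([A-Za-z][A-Za-z0-9]*)")


def foreign_tags(rendered):
    """Return tag names present in the HTML that did not come from the template.

    A non-empty result means dataset content was interpreted as markup.
    """
    found = {m.group(1).lower() for m in _TAG_RE.finditer(rendered)}
    return sorted(found - _OWN_TAGS)


if __name__ == "__main__":
    print("unsafe:", foreign_tags(render_table_unsafe(SAMPLE_COLUMNS, SAMPLE_ROWS)))  # ['img']
    print("safe:  ", foreign_tags(render_table_safe(SAMPLE_COLUMNS, SAMPLE_ROWS)))    # []
```

The fix belongs at the rendering boundary, not in the dataset: a review column may legitimately contain angle brackets, and filtering input would both break that data and miss alternative payload encodings. Note that `pandas.DataFrame.to_html()` escapes cell contents by default; passing `escape=False`, or building the HTML by hand as the unsafe function above does, is what reopens this issue.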

Exploit

Fix

RCE

XSS

Weakness Enumeration

Related Identifiers

BIT-MLFLOW-2024-27133
CVE-2024-27133
GHSA-3V79-Q7PH-J75H
PYSEC-2024-241

Affected Products

Mlflow