PT-2025-12167 · Mlflow · Mlflow

Published: 2025-03-20 · Updated: 2025-04-02 · CVE-2024-6838

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: mlflow/mlflow version v2.13.2

Description: A potential denial of service issue exists because no limit is enforced on the length of an experiment name, so an experiment can be created or renamed with a name consisting of a very large number of digits. This can cause the MLflow UI panel to become unresponsive. Additionally, there is no character limit on the artifact location parameter when creating an experiment.

Recommendations: For mlflow/mlflow version v2.13.2, consider implementing a character limit for experiment names and for the artifact location parameter to prevent potential denial of service attacks. As a temporary workaround, restrict the creation or renaming of experiments with excessively long names to minimize the risk of exploitation.
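The recommendation above amounts to input validation in front of the experiment-creation and rename paths. The following is an added example, not MLflow's own code: it collects length problems for the name and artifact location, and two thin wrappers refuse to call through when any problem is found. The limits (MAX_NAME_LEN, MAX_ARTIFACT_LOCATION_LEN) are assumed values chosen for illustration, the `create_fn`/`rename_fn` hooks exist only so the example runs without an MLflow installation, and the 100,000-digit name in the self-test is constructed input. The default hooks refer to the real `mlflow.create_experiment` and `MlflowClient.rename_experiment` APIs.

```python
"""Length checks for MLflow experiment names and artifact locations.

Added example: not part of MLflow. The limits below are assumptions; pick
values that your tracking UI and artifact store handle comfortably.
"""
from typing import Callable, List, Optional

MAX_NAME_LEN = 256                # assumed limit for experiment names
MAX_ARTIFACT_LOCATION_LEN = 1024  # assumed limit for artifact_location URIs


def experiment_input_problems(
    name: object,
    artifact_location: Optional[object] = None,
    max_name_len: int = MAX_NAME_LEN,
    max_location_len: int = MAX_ARTIFACT_LOCATION_LEN,
) -> List[str]:
    """Return a list of human-readable problems; an empty list means the inputs are acceptable."""
    problems: List[str] = []

    if not isinstance(name, str):
        problems.append("experiment name must be a string")
    elif not name.strip():
        problems.append("experiment name must not be empty")
    elif len(name) > max_name_len:
        problems.append(f"experiment name exceeds {max_name_len} characters ({len(name)})")

    # artifact_location is optional in MLflow, so None is fine; only a present value is checked.
    if artifact_location is not None:
        if not isinstance(artifact_location, str):
            problems.append("artifact location must be a string")
        elif len(artifact_location) > max_location_len:
            problems.append(
                f"artifact location exceeds {max_location_len} characters ({len(artifact_location)})"
            )
    return problems


def create_experiment_checked(
    name: str,
    artifact_location: Optional[str] = None,
    create_fn: Optional[Callable[..., str]] = None,
) -> str:
    """Validate, then delegate to create_fn (defaults to the real mlflow.create_experiment)."""
    problems = experiment_input_problems(name, artifact_location)
    if problems:
        raise ValueError("; ".join(problems))
    if create_fn is None:
        import mlflow  # real API: mlflow.create_experiment(name, artifact_location=None, ...)
        create_fn = mlflow.create_experiment
    return create_fn(name, artifact_location=artifact_location)


def rename_experiment_checked(
    experiment_id: str,
    new_name: str,
    rename_fn: Optional[Callable[[str, str], None]] = None,
):
    """Validate the new name, then delegate to rename_fn (defaults to MlflowClient.rename_experiment)."""
    problems = experiment_input_problems(new_name)
    if problems:
        raise ValueError("; ".join(problems))
    if rename_fn is None:
        from mlflow.tracking import MlflowClient  # real API
        rename_fn = MlflowClient().rename_experiment
    return rename_fn(experiment_id, new_name)


if __name__ == "__main__":
    # Fake backend so the demo runs offline; records what would have reached the server.
    calls = []

    def fake_create(name, artifact_location=None):
        calls.append(("create", name, artifact_location))
        return f"exp-{len(calls)}"

    print(create_experiment_checked("baseline-run", "s3://bucket/prefix", create_fn=fake_create))

    # Constructed abusive input: a name made of 100,000 digits, as in the advisory.
    for bad_name in ["9" * 100_000, ""]:
        try:
            create_experiment_checked(bad_name, create_fn=fake_create)
        except ValueError as exc:
            print("rejected:", exc)
    print("calls that reached the backend:", calls)
```

Wrapping the client is only a partial control: any client that talks to the tracking server directly bypasses it, so the same length check belongs in the server-side handler (or a reverse proxy in front of it) for it to actually prevent the denial of service described above.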

Tags: Exploit · Fix · DoS · Resource Exhaustion

Weakness Enumeration

Related Identifiers

BIT-MLFLOW-2024-6838
CVE-2024-6838
GHSA-Q3GW-8236-5JW4

Affected Products

Mlflow