CVE-2024-0520
Published: 06 June 2024
Summary
CVE-2024-0520 is a high-severity Path Traversal (CWE-22) vulnerability in Lfprojects Mlflow. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 10.2% of CVEs by exploit likelihood. It is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is AI-related: it is categorised as Other Platforms, in the Other ATLAS/OWASP Terms risk domain. MITRE ATLAS techniques in scope: AI Supply Chain Compromise (AML.T0010), Exfiltration via AI Inference API (AML.T0024), External Harms (AML.T0048).
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-1934
Vulnerability details
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. Specifically, when loading a dataset from a source URL with an HTTP scheme, the filename extracted from the `Content-Disposition` header or the URL path is used to generate the final file path without proper sanitization. This flaw enables an attacker to control the file path fully by utilizing path traversal or absolute path techniques, such as '../../tmp/poc.txt' or '/tmp/poc.txt', leading to arbitrary file write. Exploiting this vulnerability could allow a malicious user to execute commands on the vulnerable machine, potentially gaining access to data and model information. The issue is fixed in version 2.9.0.
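The unsafe path construction described above, next to a hardened form, as an added example: this is not MLflow's code or its 2.9.0 fix. The function names, the `/srv/datasets` directory and the sample URL and headers are constructed for illustration.

```python
import os
import re
from urllib.parse import unquote, urlparse


class UnsafeFilenameError(ValueError):
    """The server-supplied filename cannot be written under dest_dir."""


def untrusted_filename(url, content_disposition=None):
    """Filename as the remote server states it: header first, then URL path."""
    if content_disposition:
        match = re.search(r'filename\s*=\s*"?([^";]+)"?', content_disposition, re.I)
        if match:
            return match.group(1).strip()
    # Decode after splitting so an encoded separator reaches the validation.
    return unquote(urlparse(url).path.rsplit("/", 1)[-1])


def naive_destination(dest_dir, url, content_disposition=None):
    """Unsafe pattern: join the untrusted name straight onto dest_dir."""
    return os.path.join(dest_dir, untrusted_filename(url, content_disposition))


def safe_destination(dest_dir, url, content_disposition=None):
    """Return a path inside dest_dir, or raise UnsafeFilenameError."""
    raw = untrusted_filename(url, content_disposition)
    # Reject rather than silently rewrite: a separator, NUL or dot-only
    # name is never a legitimate download filename.
    if raw in ("", ".", "..") or re.search(r"[/\\\x00]", raw):
        raise UnsafeFilenameError(f"rejected filename {raw!r}")
    root = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(root, raw))
    # Containment check after symlink resolution, as a second line of defence.
    if os.path.commonpath([root, target]) != root:
        raise UnsafeFilenameError(f"{raw!r} resolves outside {root!r}")
    return target


if __name__ == "__main__":
    # Constructed inputs; the two unsafe names are the ones quoted in the advisory.
    url = "http://example.invalid/files/train.csv"
    for name in ("data.csv", "../../tmp/poc.txt", "/tmp/poc.txt"):
        header = f'attachment; filename="{name}"'
        print("naive:", naive_destination("/srv/datasets", url, header))
        try:
            print("safe: ", safe_destination("/srv/datasets", url, header))
        except UnsafeFilenameError as exc:
            print("safe:  refused:", exc)
```

On POSIX, `os.path.join` discards the destination directory when the second argument is absolute, which is why the `/tmp/poc.txt` form needs no `..` components at all.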
- CWE(s)
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: MLflow is an open-source platform for managing the ML lifecycle, including experiment tracking, model packaging, and deployment. The vulnerability occurs in a dataset loading module (`mlflow.data.http_dataset_source.py`), confirming its role in AI/ML workflows. Advisory from huntr.com (AI/ML bug bounty) reinforces AI relevance.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2024-0520 enables remote code execution via command injection due to unsanitized file paths from HTTP dataset sources, allowing path traversal and arbitrary file writes in a public-facing MLflow application.
MITRE ATLAS Techniques
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.