{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T09:43:50.850","vulnerabilities":[{"cve":{"id":"CVE-2024-6838","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:33.620","lastModified":"2025-04-01T20:33:56.510","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of service. Additionally, there is no character limit in the `artifact_location` parameter while creating the experiment."},{"lang":"es","value":"En mlflow/mlflow versión v2.13.2, existe una vulnerabilidad que permite crear o renombrar un experimento con una gran cantidad de enteros debido a la falta de un límite en el nombre del experimento. Esto puede provocar que el panel de interfaz de usuario de MLflow deje de responder, lo que puede provocar una denegación de servicio. Además, no hay límite de caracteres en el parámetro `artifact_location` al crear el experimento."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lfprojects:mlflow:2.13.2:*:*:*:*:*:*:*","matchCriteriaId":"2AC00A6B-F1BE-4DA6-892D-C24FEE5FA97D"}]}]}],"references":[{"url":"https://huntr.com/bounties/8ad52cb2-2cda-4eb0-aec9-586060ee43e0","source":"security@huntr.dev","tags":["Exploit"]},{"url":"https://huntr.com/bounties/8ad52cb2-2cda-4eb0-aec9-586060ee43e0","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit"]}]}}]}