CVE-2025-1473

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-1473

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1473.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-1473

Aliases

GHSA-969w-gqqr-g6j3

Published

2025-03-20T10:15:53Z

Modified

2025-03-22T00:05:49.942173Z

Summary

[none]

Details

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user.

References

https://github.com/mlflow/mlflow/commit/ecfa61cb43d3303589f3b5834fd95991c9706628
https://huntr.com/bounties/43dc50b6-7d1e-41b9-9f97-f28809df1d45

Affected packages

Git / github.com/mlflow/mlflow

Affected ranges

Type: GIT
Repo: https://github.com/mlflow/mlflow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ecfa61cb43d3303589f3b5834fd95991c9706628