GHSA-r23q-823p-vmf7
Suggest an improvement- Source
- https://github.com/advisories/GHSA-r23q-823p-vmf7
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-r23q-823p-vmf7/GHSA-r23q-823p-vmf7.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-r23q-823p-vmf7
- Aliases
-
- CVE-2025-15379
- Published
- 2026-03-30T09:31:28Z
- Modified
- 2026-04-01T19:16:27.305642Z
- Severity
-
- 10.0 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- MLflow Command Injection vulnerability
- Details
-
A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the
_install_model_dependencies_to_env()function. When deploying a model withenv_manager=LOCAL, MLflow reads dependency specifications from the model artifact'spython_env.yamlfile and directly interpolates them into a shell command without sanitization. This allows an attacker to supply a malicious model artifact and achieve arbitrary command execution on systems that deploy the model. The vulnerability affects versions 3.8.0 and is fixed in version 3.8.1. - Database specific
{ "nvd_published_at": "2026-03-30T08:16:15Z", "severity": "CRITICAL", "github_reviewed": true, "cwe_ids": [ "CWE-77" ], "github_reviewed_at": "2026-04-01T00:08:33Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2025-15379
- https://github.com/mlflow/mlflow/commit/361b6f620adf98385c6721e384fb5ef9a30bb05e
- https://github.com/mlflow/mlflow/commit/a22ce7157f646bdce4c95106fc38ccc9ca289205
- https://github.com/mlflow/mlflow
- https://huntr.com/bounties/dc9c1c20-7879-4050-87df-4d095fe5ca75
Affected packages
PyPI / mlflow
Package
- Name
- mlflow
- View open source insights on deps.dev
- Purl
- pkg:pypi/mlflow
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.8.1
Affected versions
0.*
0.0.1
0.1.0
0.2.0
0.2.1
0.3.0
0.4.0
0.4.1
0.4.2
0.5.0
0.5.1
0.5.2
0.6.0
0.7.0
0.8.0
0.8.1
0.8.2
0.9.0
0.9.0.1
0.9.1
1.*
1.0.0
1.1.0
1.1.1.dev0
1.2.0
1.3.0
1.4.0
1.5.0
1.6.0
1.7.0
1.7.1
1.7.2
1.8.0
1.9.0
1.9.1
1.10.0
1.11.0
1.12.0
1.12.1
1.13
1.13.1
1.14.0
1.14.1
1.15.0
1.16.0
1.17.0
1.18.0
1.19.0
1.20.0
1.20.1
1.20.2
1.21.0
1.22.0
1.23.0
1.23.1
1.24.0
1.25.0
1.25.1
1.26.0
1.26.1
1.27.0
1.28.0
1.29.0
1.30.0
1.30.1
2.*
2.0.0rc0
2.0.0
2.0.1
2.1.0
2.1.1
2.2.0
2.2.1
2.2.2
2.3.0
2.3.1
2.3.2
2.4.0
2.4.1
2.4.2
2.5.0
2.6.0
2.7.0
2.7.1
2.8.0
2.8.1
2.9.0
2.9.1
2.9.2
2.10.0
2.10.1
2.10.2
2.11.0
2.11.1
2.11.2
2.11.3
2.11.4
2.12.0
2.12.1
2.12.2
2.13.0
2.13.1
2.13.2
2.14.0rc0
2.14.0
2.14.1
2.14.2.dev0
2.14.2
2.14.3
2.15.0rc0
2.15.0
2.15.1
2.16.0
2.16.1
2.16.2
2.17.0rc0
2.17.0
2.17.1
2.17.2
2.18.0rc0
2.18.0
2.19.0rc0
2.19.0
2.20.0rc0
2.20.0
2.20.1
2.20.2
2.20.3
2.20.4
2.21.0rc0
2.21.0
2.21.1
2.21.2
2.21.3
2.22.0rc0
2.22.0
2.22.1
2.22.2
2.22.3
2.22.4
3.*
3.0.0rc0
3.0.0rc1
3.0.0rc2
3.0.0rc3
3.0.0
3.0.1
3.1.0rc0
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.2.0rc0
3.2.0
3.3.0rc0
3.3.0
3.3.1
3.3.2
3.4.0rc0
3.4.0
3.5.0rc0
3.5.0
3.5.1
3.6.0rc0
3.6.0
3.7.0rc0
3.7.0
3.8.0rc0
3.8.0