What is CVE-2024-3099?

CVE-2024-3099 is a medium-severity vulnerability in Mlflow Mlflow/mlflow, classified under CWE-475. CVSS score: 5.4/10. Published 2024-06-06.

How severe is CVE-2024-3099?

Medium severity. CVSS v3 base score is 5.4 out of 10.

Is CVE-2024-3099 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Mlflow Mlflow/mlflow

CVE-2024-3099

A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authenticated user might not be able to use the i…

EPSS: 0.001 (19.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L.

Affected products

Mlflow Mlflow/mlflow — versions unspecified

Weakness classification (CWE)

CWE-475

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

huntr.com/bounties/8d96374a-ce8d-480e-9cb0-0a7e5165c24a

Frequently asked questions

What is CVE-2024-3099?: CVE-2024-3099 is a medium-severity vulnerability in Mlflow Mlflow/mlflow, classified under CWE-475. CVSS score: 5.4/10. Published 2024-06-06.
How severe is CVE-2024-3099?: Medium severity. CVSS v3 base score is 5.4 out of 10.
Is CVE-2024-3099 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.