Publish GHSA-r23q-823p-vmf7

advisory-database[bot] · advisory-database[bot] · commit 7d5ea8eda2c8 · 2026-04-01T19:10:31.000Z
diff --git a/advisories/github-reviewed/2026/03/GHSA-r23q-823p-vmf7/GHSA-r23q-823p-vmf7.json b/advisories/github-reviewed/2026/03/GHSA-r23q-823p-vmf7/GHSA-r23q-823p-vmf7.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-r23q-823p-vmf7",
-  "modified": "2026-04-01T00:08:33Z",
+  "modified": "2026-04-01T19:08:35Z",
   "published": "2026-03-30T09:31:28Z",
   "aliases": [
     "CVE-2025-15379"
   ],
   "summary": "MLflow Command Injection vulnerability",
-  "details": "A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_install_model_dependencies_to_env()` function. When deploying a model with `env_manager=LOCAL`, MLflow reads dependency specifications from the model artifact's `python_env.yaml` file and directly interpolates them into a shell command without sanitization. This allows an attacker to supply a malicious model artifact and achieve arbitrary command execution on systems that deploy the model. The vulnerability affects versions 3.8.0 and is fixed in version 3.8.2.",
+  "details": "A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_install_model_dependencies_to_env()` function. When deploying a model with `env_manager=LOCAL`, MLflow reads dependency specifications from the model artifact's `python_env.yaml` file and directly interpolates them into a shell command without sanitization. This allows an attacker to supply a malicious model artifact and achieve arbitrary command execution on systems that deploy the model. The vulnerability affects versions 3.8.0 and is fixed in version 3.8.1.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -28,7 +28,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "3.9.0rc0"
+              "fixed": "3.8.1"
             }
           ]
         }
@@ -44,6 +44,10 @@
       "type": "WEB",
       "url": "https://github.com/mlflow/mlflow/commit/361b6f620adf98385c6721e384fb5ef9a30bb05e"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/mlflow/mlflow/commit/a22ce7157f646bdce4c95106fc38ccc9ca289205"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/mlflow/mlflow"

Original file line number	Diff line number	Diff line change
`@@ -1,13 +1,13 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-r23q-823p-vmf7",`
`4`		`- "modified": "2026-04-01T00:08:33Z",`
	`4`	`+ "modified": "2026-04-01T19:08:35Z",`
`5`	`5`	`"published": "2026-03-30T09:31:28Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2025-15379"`
`8`	`8`	`],`
`9`	`9`	`"summary": "MLflow Command Injection vulnerability",`
`10`		- "details": "A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_install_model_dependencies_to_env()` function. When deploying a model with `env_manager=LOCAL`, MLflow reads dependency specifications from the model artifact's `python_env.yaml` file and directly interpolates them into a shell command without sanitization. This allows an attacker to supply a malicious model artifact and achieve arbitrary command execution on systems that deploy the model. The vulnerability affects versions 3.8.0 and is fixed in version 3.8.2.",
	`10`	+ "details": "A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_install_model_dependencies_to_env()` function. When deploying a model with `env_manager=LOCAL`, MLflow reads dependency specifications from the model artifact's `python_env.yaml` file and directly interpolates them into a shell command without sanitization. This allows an attacker to supply a malicious model artifact and achieve arbitrary command execution on systems that deploy the model. The vulnerability affects versions 3.8.0 and is fixed in version 3.8.1.",
`11`	`11`	`"severity": [`
`12`	`12`	`{`
`13`	`13`	`"type": "CVSS_V3",`
`@@ -28,7 +28,7 @@`
`28`	`28`	`"introduced": "0"`
`29`	`29`	`},`
`30`	`30`	`{`
`31`		`- "fixed": "3.9.0rc0"`
	`31`	`+ "fixed": "3.8.1"`
`32`	`32`	`}`
`33`	`33`	`]`
`34`	`34`	`}`
`@@ -44,6 +44,10 @@`
`44`	`44`	`"type": "WEB",`
`45`	`45`	`"url": "https://github.com/mlflow/mlflow/commit/361b6f620adf98385c6721e384fb5ef9a30bb05e"`
`46`	`46`	`},`
	`47`	`+ {`
	`48`	`+ "type": "WEB",`
	`49`	`+ "url": "https://github.com/mlflow/mlflow/commit/a22ce7157f646bdce4c95106fc38ccc9ca289205"`
	`50`	`+ },`
`47`	`51`	`{`
`48`	`52`	`"type": "PACKAGE",`
`49`	`53`	`"url": "https://github.com/mlflow/mlflow"`