Security Vulnerabilities Found in Machine Learning Toolkits
Cybersecurity researchers at JFrog have identified nearly two dozen vulnerabilities across 15 open-source machine learning projects, including Weave, ZenML, and Deep Lake. The flaws affect both server-side and client-side components and could allow attackers to hijack critical components such as ML model registries and pipelines. Notable findings include a directory traversal issue in Weave (CVE-2024-7340) and a command injection in Deep Lake (CVE-2024-6507), both of which pose significant risk to organizations using these tools.
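To make the directory traversal class concrete, here is a generic path-containment guard of the kind an ML service that serves artifacts by user-supplied name should apply. This is an added illustration, not code from Weave, Deep Lake, JFrog, or any project named above, and it does not reproduce the specific flaw in CVE-2024-7340; the base directory and file names are constructed for the example.

```python
import os
import tempfile
from pathlib import Path


def resolve_within(base_dir: str, requested: str) -> Path:
    """Resolve `requested` under `base_dir` and refuse any path that escapes it.

    Generic directory-traversal guard (not the code of any project in the article).
    Three escape routes are closed:
      - '..' segments, because resolve() normalises them before the check;
      - absolute paths, because a leading separator is stripped first;
      - symlinks, because resolve() follows them before the containment check.
    """
    base = Path(base_dir).resolve()
    # Treat the request as relative even if it starts with '/' or '\'.
    candidate = (base / requested.lstrip("/\\")).resolve()
    if candidate != base and base not in candidate.parents:
        raise PermissionError(f"path escapes base directory: {requested!r}")
    return candidate


def is_safe(base_dir: str, requested: str) -> bool:
    """True if `requested` stays inside `base_dir`, False if it would escape."""
    try:
        resolve_within(base_dir, requested)
        return True
    except PermissionError:
        return False


def demo() -> dict:
    """Exercise the guard against constructed requests in a throwaway directory."""
    with tempfile.TemporaryDirectory() as artifacts:
        # A symlink inside the artifact store that points outside it (constructed).
        os.symlink(os.path.dirname(artifacts), os.path.join(artifacts, "escape"))
        requests = {
            "models/resnet.pkl": True,          # ordinary artifact name
            "/models/resnet.pkl": True,         # absolute path, re-rooted under base
            "../outside.txt": False,            # classic traversal
            "models/../../outside.txt": False,  # traversal hidden behind a valid segment
            "escape/outside.txt": False,        # symlink pointing out of the store
        }
        return {req: is_safe(artifacts, req) == expected for req, expected in requests.items()}


if __name__ == "__main__":
    for req, ok in demo().items():
        print(f"{'PASS' if ok else 'FAIL'}  {req}")
```

The check compares resolved paths rather than inspecting the string for `..`, which is the usual mistake: encoded or normalised variants of a traversal sequence all collapse to the same real path once resolved, so the containment test catches them uniformly.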