Security Flaws Identified in Open-Source Machine Learning Frameworks
Security flaws discovered in popular machine learning tools.

Cybersecurity researchers from JFrog have identified multiple vulnerabilities in open-source machine learning frameworks, including MLflow, H2O, PyTorch, and MLeap, which could allow code execution and extensive lateral movement within organizations. These flaws, part of a broader set of 22 vulnerabilities, affect ML clients and libraries that handle safe model formats such as Safetensors. Notable issues include a cross-site scripting vulnerability in MLflow and unsafe deserialization in H2O, both of which could lead to remote code execution.

JFrog emphasizes the importance of not blindly loading ML models, even from trusted sources, to prevent potential exploitation and damage to organizational systems.
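The practical side of "not blindly loading models" is to accept only a format that carries no executable payload and to validate it strictly before use. The following is an added illustration, not code from JFrog or from the article, and not any project's own loader: it parses the safetensors layout (an 8-byte little-endian header length, a JSON header, then raw tensor bytes), rejects anything that does not validate, and explains refusals for the two pickle-bearing layouts most often seen in the wild (a raw pickle stream and a zip container of the kind `torch.save()` produces). The header-size cap, the magic-byte checks and the sample bytes are the example's own assumptions and constructions.

```python
import json
import struct
from math import prod

# Byte sizes of the dtypes named in a safetensors header.
DTYPE_SIZES = {"F64": 8, "F32": 4, "F16": 2, "BF16": 2, "I64": 8, "I32": 4,
               "I16": 2, "I8": 1, "U8": 1, "BOOL": 1}
MAX_HEADER_BYTES = 100_000_000   # assumed sanity cap; an absurd header length is itself a red flag


def _is_int(v) -> bool:
    # bool is a subclass of int in Python; a shape of [True] must not pass as [1].
    return isinstance(v, int) and not isinstance(v, bool)


def parse_safetensors(blob: bytes) -> dict:
    """Strictly parse a safetensors blob and return {name: (dtype, shape)}.

    Raises ValueError on any inconsistency. Nothing here is ever deserialized
    as code: only a u64 length, a JSON object and raw bytes are interpreted."""
    if len(blob) < 8:
        raise ValueError("too short for a safetensors header")
    (n,) = struct.unpack("<Q", blob[:8])
    if n == 0 or n > MAX_HEADER_BYTES or len(blob) < 8 + n:
        raise ValueError("implausible header length")
    try:
        header = json.loads(blob[8:8 + n])
    except ValueError as e:                      # json.JSONDecodeError is a ValueError
        raise ValueError(f"header is not valid JSON: {e}")
    if not isinstance(header, dict):
        raise ValueError("header is not a JSON object")
    data_len = len(blob) - 8 - n
    tensors = {}
    for name, info in header.items():
        if name == "__metadata__":
            continue                              # free-form string metadata, not tensor data
        if not isinstance(info, dict):
            raise ValueError(f"{name}: entry is not an object")
        dtype, shape, offsets = info.get("dtype"), info.get("shape"), info.get("data_offsets")
        if dtype not in DTYPE_SIZES:
            raise ValueError(f"{name}: unknown dtype {dtype!r}")
        if not (isinstance(shape, list) and all(_is_int(d) and d >= 0 for d in shape)):
            raise ValueError(f"{name}: bad shape")
        if not (isinstance(offsets, list) and len(offsets) == 2 and all(_is_int(o) for o in offsets)):
            raise ValueError(f"{name}: bad data_offsets")
        begin, end = offsets
        if not (0 <= begin <= end <= data_len):
            raise ValueError(f"{name}: data_offsets fall outside the data region")
        if end - begin != prod(shape) * DTYPE_SIZES[dtype]:
            raise ValueError(f"{name}: byte range does not match dtype * shape")
        tensors[name] = (dtype, shape)
    return tensors


def vet_model_bytes(blob: bytes):
    """Return (True, tensors) for a valid safetensors file, else (False, reason).

    The strict parse runs first; the magic-byte checks only give a clearer
    reason for refusal and are never used to decide acceptance."""
    try:
        return True, parse_safetensors(blob)
    except ValueError as reason:
        if blob.startswith(b"PK\x03\x04"):
            return False, "refused: zip container (torch.save() layout, which wraps a pickle)"
        if len(blob) >= 2 and blob[0] == 0x80 and 2 <= blob[1] <= 5:
            return False, "refused: raw pickle stream"
        return False, f"refused: not a valid safetensors file ({reason})"


def build_safetensors(tensors: dict) -> bytes:
    """Constructed sample builder: {name: (dtype, shape, raw_bytes)} -> safetensors bytes."""
    header, data, offset = {}, b"", 0
    for name, (dtype, shape, raw) in tensors.items():
        header[name] = {"dtype": dtype, "shape": shape, "data_offsets": [offset, offset + len(raw)]}
        data += raw
        offset += len(raw)
    hdr = json.dumps(header).encode()
    return struct.pack("<Q", len(hdr)) + hdr + data


# Constructed sample: a 2x2 float32 weight and a 2-element float16 bias, all zeros.
SAMPLE = build_safetensors({
    "w": ("F32", [2, 2], bytes(16)),
    "b": ("F16", [2], bytes(4)),
})

if __name__ == "__main__":
    print(vet_model_bytes(SAMPLE))
    print(vet_model_bytes(b"\x80\x04\x95" + bytes(20)))
    print(vet_model_bytes(b"PK\x03\x04" + bytes(30)))
```

The order of checks matters: a genuine safetensors file whose header length happens to start with the byte 0x80 would be misclassified if the pickle sniff ran first, so the format parse is the only path to acceptance and the sniffing merely labels the rejection. Treat a rejection as a reason to stop, not as a prompt to fall back to a pickle-based loader.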