Decrypt LOL


Security Flaws Identified in Open-Source Machine Learning Frameworks

Security flaws discovered in popular machine learning tools.

Cybersecurity researchers from JFrog have identified multiple vulnerabilities in open-source machine learning frameworks, including MLflow, H2O, PyTorch, and MLeap, that could allow code execution and extensive lateral movement within organizations. These flaws, part of a broader set of 22 vulnerabilities, affect ML clients and libraries that manage safe model formats like Safetensors. Notable issues include a cross-site scripting vulnerability in MLflow and unsafe deserialization in H2O, both of which could lead to remote code execution. JFrog emphasizes the importance of not blindly loading ML models, even from trusted sources, to prevent potential exploitation and damage to organizational systems.
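As an added example (not part of this article or of JFrog's research), the following Python script shows the check that "do not blindly load ML models" implies: inspect the model blob before any loader touches it, accept a well-formed Safetensors file, and refuse a pickle-based blob whose opcodes would import or call code during unpickling. The Safetensors layout used here (8-byte little-endian header length, JSON header, raw tensor bytes) is the format's published structure; the sample blobs are constructed inline.

```python
import json
import pickletools

# Pickle opcodes that import a name or call a callable during unpickling; pickle
# model formats rely on them, so an untrusted file must never go straight to pickle.load.
CODE_OPS = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ", "NEWOBJ",
            "NEWOBJ_EX", "BUILD"}
TENSOR_KEYS = {"dtype", "shape", "data_offsets"}


def check_safetensors(blob: bytes):
    """Return (ok, detail). Layout: u64 LE header length, JSON header, data."""
    if len(blob) < 8:
        return False, "too short for a safetensors header"
    n = int.from_bytes(blob[:8], "little")
    if 8 + n > len(blob):
        return False, "header length exceeds file size"
    try:
        header = json.loads(blob[8:8 + n])
    except ValueError:
        return False, "header is not JSON"
    if not isinstance(header, dict):
        return False, "header is not a JSON object"
    data_len = len(blob) - 8 - n
    for name, meta in header.items():
        if name == "__metadata__":
            continue  # free-form string map, carries no tensor data
        if not isinstance(meta, dict) or not TENSOR_KEYS <= set(meta):
            return False, f"tensor {name!r} is missing required keys"
        offs = meta["data_offsets"]
        if not (isinstance(offs, list) and len(offs) == 2
                and 0 <= offs[0] <= offs[1] <= data_len):
            return False, f"tensor {name!r} points outside the data section"
    return True, header


def pickle_code_opcodes(blob: bytes):
    """Disassemble a pickle without executing it; list code-bearing opcodes."""
    found = []
    try:
        for op, arg, pos in pickletools.genops(blob):
            if op.name in CODE_OPS:
                found.append((pos, op.name, arg))
    except Exception as exc:  # truncated, or not a pickle at all
        found.append((0, "UNPARSEABLE", str(exc)))
    return found


def classify(blob: bytes) -> str:
    # 'safetensors', 'pickle-clean', or 'refused' for an untrusted model blob
    if check_safetensors(blob)[0]:
        return "safetensors"
    return "refused" if pickle_code_opcodes(blob) else "pickle-clean"
```

A real pickle-based checkpoint will always trip this check because its class references need GLOBAL/REDUCE/BUILD, which is the point: such files can only be loaded with an explicit allowlist of permitted classes, or avoided in favour of a data-only format.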