Vulnerability Database

309,237

Total vulnerabilities in the database

CVE-2024-27134

Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the spark_udf() MLflow API is called.

Published: Nov 25, 2024
Updated: Nov 16, 2025
CVE: CVE-2024-27134
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7
AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-276
CWE-367

Affected Software
References

Software	From	Fixed in
lfprojects / mlflow	-	2.16.0

https://github.com/mlflow/mlflow/pull/10874

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo