Cybersecurity researchers have identified several vulnerabilities in popular open-source machine learning (ML) tools and frameworks, including MLflow, H2O, PyTorch, and MLeap. These security flaws could potentially allow attackers to execute malicious code.
Vulnerabilities in ML Clients
Unlike previous discoveries that focused on server-side vulnerabilities, these newly identified weaknesses reside in ML clients. These clients often have access to sensitive resources like ML Model Registries and MLOps Pipelines. By exploiting these vulnerabilities, attackers could gain access to sensitive information such as model registry credentials, enabling them to backdoor stored ML models or execute arbitrary code.
Specific Vulnerabilities and Their Impact
- CVE-2024-27132 (CVSS score: 7.2): An insufficient sanitization issue in MLflow that could lead to a cross-site scripting (XSS) attack when running an untrusted recipe in a Jupyter Notebook. This could ultimately result in client-side remote code execution (RCE).
- CVE-2024-6960 (CVSS score: 7.5): An unsafe deserialization issue in H2O when importing an untrusted ML model, potentially leading to RCE.
- A path traversal issue in PyTorch’s TorchScript feature could cause a denial-of-service (DoS) or code execution due to arbitrary file overwrite. This could allow overwriting critical system files or legitimate pickle files (No CVE identifier).
- CVE-2023-5245 (CVSS score: 7.5): A path traversal issue in MLeap when loading a saved model in zipped format can lead to a Zip Slip vulnerability, resulting in arbitrary file overwrite and potential code execution.
Safe Model Formats Not a Guarantee of Safety
Researchers emphasize that even loading ML models from seemingly safe formats like Safetensors can be risky. These models can potentially be manipulated to achieve arbitrary code execution.
Importance of Security Measures
The potential for innovation offered by AI and ML tools is undeniable. However, it is crucial to recognize the associated security risks. Organizations must be vigilant in identifying and mitigating these vulnerabilities to prevent potential damage. Implementing robust security measures and avoiding the loading of untrusted ML models are essential steps in safeguarding systems and sensitive data.
