In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of service. Additionally, there is no character limit in the `artifact_location` parameter while creating the experiment.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| mlflow(PyPI) | 0 | N/A | N/A |
CVSS Metrics
