CVE-2024-0520 is a critical security vulnerability classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) affecting mlflow/mlflow, specifically version 8.2.1. The vulnerability exists in the module `mlflow.data.http_dataset_source.py` where the software loads datasets from HTTP sources. When a dataset is fetched, the filename is extracted from the HTTP response's Content-Disposition header or the URL path. Due to insufficient sanitization, an attacker can craft filenames containing path traversal sequences (e.g., '../../tmp/poc.txt') or absolute paths (e.g., '/tmp/poc.txt'), allowing arbitrary file writes outside the intended directory. This improper neutralization of special elements leads to command injection opportunities, enabling remote code execution on the host system. The vulnerability requires no authentication or user interaction and can be exploited remotely over the network. The CVSS v3.0 base score is 10.0, indicating critical severity with full impact on confidentiality, integrity, and availability. Although no known exploits are currently reported in the wild, the flaw poses a significant risk to environments running vulnerable mlflow versions. The issue is resolved in mlflow version 2.9.0, which includes proper sanitization and validation of file paths to prevent path traversal and command injection.

For European organizations, the impact of CVE-2024-0520 is severe. Mlflow is widely used in data science, machine learning, and AI workflows, sectors that are rapidly growing across Europe. Successful exploitation could lead to unauthorized access to sensitive datasets, intellectual property, and machine learning models, potentially causing data breaches and intellectual property theft. Attackers could execute arbitrary commands, leading to system compromise, lateral movement within networks, and disruption of critical AI services. This is particularly concerning for industries such as finance, healthcare, automotive, and research institutions that rely heavily on AI and data analytics. The breach of confidentiality and integrity could also violate GDPR regulations, leading to legal and financial penalties. The availability of AI services could be impacted, causing operational downtime and loss of trust. Given the criticality and ease of exploitation, organizations face a high risk of targeted attacks if unpatched.

European organizations should immediately upgrade mlflow to version 2.9.0 or later, where the vulnerability is fixed. Until patching is possible, implement strict network-level controls to restrict access to mlflow services, especially from untrusted networks. Employ Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) to detect and block suspicious HTTP requests containing path traversal patterns. Conduct thorough input validation and sanitization on any user-supplied filenames or URLs before processing. Monitor logs for unusual file write activities or command execution attempts related to mlflow processes. Isolate mlflow instances in segmented network zones with minimal privileges to limit potential damage. Regularly audit and review machine learning pipelines and data sources for anomalies. Educate development and operations teams about secure coding practices related to file handling and external data ingestion. Finally, maintain an incident response plan tailored to AI infrastructure compromises.