Identified in tools with hundreds of thousands or millions of downloads per month, such as H2O-3, MLflow, and Ray, these issues potentially impact the entire AI/ML supply chain, says Protect AI, which manages Huntr.
By default, the installation is exposed to the network and does not require authentication, thus allowing attackers to supply malicious Java objects that H2O-3 would execute, allowing them to access the operating system.
[
add
]
[
|
|
...
]