MLflow Unrestricted Experiment Name Length Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in MLflow version 2.13.2. The issue arises from the absence of a limit on the length of experiment names, allowing users to create or rename experiments with a name made up of an excessive number of integers (digits). This can cause the MLflow user interface to become unresponsive, disrupting workflows and degrading the overall user experience. Additionally, there is no character limit for the 'artifact_location' parameter when creating an experiment, which could potentially be exploited in a similar manner.

Impact

Exploiting this vulnerability causes the MLflow UI to freeze, leading to a denial-of-service condition that disrupts users' ability to manage and track experiments. This issue can be particularly problematic in collaborative environments where MLflow is essential for experiment management.

Reproduction

To reproduce this vulnerability, create or rename an experiment in MLflow 2.13.2 using a name that contains a large number of integers (digits). There is no limit on how many integers can be used; a name of over 95 million integers has been tested and confirmed to cause the issue. After renaming the experiment, refresh the MLflow UI page to observe the unresponsiveness.
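The mitigation on the operator side is an input-length policy in front of the create and rename paths, plus an audit of experiments that were already created without one. The following is an added example, not MLflow's own code: the limits are assumed policy values (MLflow 2.13.2 enforces none), the `client` argument is any object exposing MlflowClient's `create_experiment` and `rename_experiment` methods, and `ExperimentRecord` is a constructed stand-in carrying the attribute names of MLflow's Experiment entity.

```python
"""Length guard and audit for MLflow experiment fields (added example, not
MLflow's own code). Limits are assumed policy values; MLflow 2.13.2 sets none."""
from dataclasses import dataclass

MAX_NAME_LEN = 500                # assumed maximum for experiment names
MAX_ARTIFACT_LOCATION_LEN = 1000  # assumed maximum for artifact_location

def validate_experiment_fields(name, artifact_location=None):
    """Return a list of problems; an empty list means the fields pass."""
    problems = []
    if not isinstance(name, str) or not name.strip():
        problems.append("name must be a non-empty string")
    elif len(name) > MAX_NAME_LEN:
        problems.append(f"name length {len(name)} exceeds {MAX_NAME_LEN}")
    if artifact_location is not None and len(artifact_location) > MAX_ARTIFACT_LOCATION_LEN:
        problems.append(f"artifact_location length {len(artifact_location)} "
                        f"exceeds {MAX_ARTIFACT_LOCATION_LEN}")
    return problems

def guarded_create_experiment(client, name, artifact_location=None):
    """Reject oversized fields before they reach client.create_experiment."""
    problems = validate_experiment_fields(name, artifact_location)
    if problems:
        raise ValueError("; ".join(problems))
    return client.create_experiment(name, artifact_location=artifact_location)

def guarded_rename_experiment(client, experiment_id, new_name):
    """Same guard for renames, the other path the advisory describes."""
    problems = validate_experiment_fields(new_name)
    if problems:
        raise ValueError("; ".join(problems))
    return client.rename_experiment(experiment_id, new_name)

@dataclass
class ExperimentRecord:
    """Constructed stand-in with the attribute names of MLflow's Experiment entity."""
    experiment_id: str
    name: str
    artifact_location: str

def find_oversized_experiments(experiments):
    """Audit existing records (e.g. the result of client.search_experiments())
    and return (experiment_id, problems) for every record that breaks a limit."""
    flagged = []
    for exp in experiments:
        problems = validate_experiment_fields(exp.name, exp.artifact_location)
        if problems:
            flagged.append((exp.experiment_id, problems))
    return flagged
```

Records returned by `find_oversized_experiments` are the ones to rename or delete through the API rather than through the UI, since opening them in the UI is what triggers the freeze.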

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 2.5
exploitability: 9.1
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.