MLflow Denial-of-Service Vulnerability in GraphQL Endpoint

Vulnerability

A denial-of-service vulnerability has been identified in MLflow version 2.17.2, specifically within the GraphQL endpoint. This issue arises from uncontrolled resource consumption, allowing an attacker to send large batches of queries that repeatedly request all runs from a specified experiment. Such actions can monopolize the workers assigned by MLflow, causing the application to become unresponsive to other requests.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, where the application fails to respond to incoming requests due to resource exhaustion.

Reproduction

To reproduce this vulnerability, first install and run the MLflow tracking server. After logging a significant number of runs in an experiment, send batched GraphQL queries that request all runs from that experiment. This can be done using a Python script that automates the process, effectively tying up the server's resources and causing it to stall.
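The weakness described above is that one client can submit an unbounded batch of GraphQL operations and consume every worker. The following is an added example, not MLflow project code and not part of this advisory, of the kind of request guard a defender can place in front of the GraphQL route (in a reverse proxy or a WSGI middleware) to cap the number of operations per HTTP request and charge each operation against a per-client rate budget. The limits, the client key (remote address) and the assumption that the endpoint accepts a JSON object for a single operation or a JSON list for a batch are illustrative assumptions, not values taken from MLflow.

```python
"""
Added example (not MLflow's own code): a guard that caps GraphQL batch size
and rate-limits clients so that a single client cannot monopolise workers
with large batches of expensive queries.
"""
import json
import time
from collections import defaultdict, deque

# Illustrative limits (assumptions, tune for your deployment).
MAX_BATCH = 5             # operations allowed in one HTTP request
MAX_OPS_PER_WINDOW = 30   # operations a client may submit per window
WINDOW_SECONDS = 10.0


def count_operations(body: bytes) -> int:
    """Return the number of GraphQL operations carried by a request body.

    Assumed wire format: a JSON object with a "query" key is one operation,
    a JSON list of such objects is a batch. Anything else is malformed and
    yields -1 so the caller rejects it instead of guessing.
    """
    try:
        payload = json.loads(body)
    except (ValueError, UnicodeDecodeError):
        return -1
    if isinstance(payload, list):
        if not payload or not all(isinstance(op, dict) and "query" in op for op in payload):
            return -1
        return len(payload)
    if isinstance(payload, dict) and "query" in payload:
        return 1
    return -1


class RateLimiter:
    """Sliding-window counter per client; each operation costs one unit."""

    def __init__(self, limit: int, window: float, clock=time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock            # injectable for deterministic tests
        self.events = defaultdict(deque)

    def allow(self, client: str, cost: int = 1) -> bool:
        now = self.clock()
        q = self.events[client]
        while q and now - q[0] > self.window:   # drop expired timestamps
            q.popleft()
        if len(q) + cost > self.limit:
            return False
        q.extend([now] * cost)
        return True


def check_request(client: str, body: bytes, limiter: RateLimiter,
                  max_batch: int = MAX_BATCH):
    """Return (allowed, reason) for one GraphQL HTTP request.

    A batch of N operations is charged like N single requests, so splitting
    a flood into batches gives the attacker no discount on the rate budget.
    """
    n = count_operations(body)
    if n < 0:
        return False, "malformed GraphQL request"
    if n > max_batch:
        return False, f"batch of {n} operations exceeds limit of {max_batch}"
    if not limiter.allow(client, cost=n):
        return False, "rate limit exceeded"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample traffic: one normal request and one oversized batch.
    limiter = RateLimiter(MAX_OPS_PER_WINDOW, WINDOW_SECONDS)
    single = b'{"query": "{ experiment(id: \\"1\\") { runs { id } } }"}'
    flood = json.dumps([{"query": "{ experiment(id: \"1\") { runs { id } } }"}] * 100).encode()
    print(check_request("198.51.100.7", single, limiter))
    print(check_request("198.51.100.7", flood, limiter))
```

A batch cap alone is not sufficient: a single operation can still be costly when it asks for every run in a large experiment, so the guard above is best paired with server-side limits on result size (pagination or a maximum page size) and with a per-worker request timeout, so that one slow query cannot hold a worker indefinitely.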

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          5.7
impact          2.5
exploitability  9.1
remediation     0.0
relevance       0.0
threat          6.4
urgency         2.9
incentive      10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.