fix: yet another mlflow vuln

dacorvo · dacorvo · commit 9e8b98681614 · 2024-11-18T16:15:30.000+01:00
diff --git a/huggingface/pytorch/training/docker/2.1/py3/sdk2.20.0/Dockerfile.neuronx.py_scan_allowlist.json b/huggingface/pytorch/training/docker/2.1/py3/sdk2.20.0/Dockerfile.neuronx.py_scan_allowlist.json
@@ -14,6 +14,7 @@
     "71578": "[pkg: mlflow] Required by sagemaker. advisory='Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with.', reason_to_ignore='N/A', spec='>=1.1.0'",
     "71579": "[pkg: mlflow] Required by sagemaker. advisory='Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run.', reason_to_ignore='N/A', spec='>=1.27.0'",
     "71691": "[pkg: mlflow] Required by sagemaker. advisory='Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run.', reason_to_ignore='N/A', spec='>=1.27.0'",
+    "72394": "[pkg: mlflow] Required by sagemaker. advisory='Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run.', reason_to_ignore='N/A', spec='>=1.27.0'",
     "73889": "[pkg: werkzeug] Required by sagemaker. advisory='Affected versions of Werkzeug are potentially vulnerable to resource exhaustion when parsing file data in forms.', reason_to_ignore='N/A', spec='>=3.0.6'",
     "73969": "[pkg: werkzeug] Required by sagemaker. advisory='Affected versions of Werkzeug are vulnerable to Path Traversal (CWE-22) on Windows systems running Python versions below 3.11.', reason_to_ignore='N/A', spec='>=3.0.6'",
     "72809": "[pkg: gunicorn] A vulnerability in Gunicorn allowed the TolerateDangerousFraming setting to process conflicting headers (Transfer-Encoding and Content-Length) and dangerous characters in HTTP header fields.', reason_to_ignore='N/A', spec='>=23.0.0'"
