YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
MLflow pyfunc ACE PoC
Demonstrates arbitrary code execution via cloudpickle deserialization in mlflow.pyfunc.load_model().
Reproduce
import mlflow
model = mlflow.pyfunc.load_model("/path/to/this/directory")
# Check: /tmp/mlflow_proof.txt exists with 'MLFLOW_PYFUNC_ACE_PROOF'
MLFLOW_ALLOW_PICKLE_DESERIALIZATION defaults to True, providing no protection.
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support