Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to missing protection on all non-GET HTTP request handling endpoints. As a result, an attacker can perform various actions on behalf of the user including changing the server’s configuration, running arbitrary models, leaking sensitive data, and taking over the host machine.