Lucene search
@huntr_aiCVELIST:CVE-2023-6709HistoryDec 12, 2023 - 4:05 a.m.
CVE-2023-6709 Improper Neutralization of Special Elements Used in a Template Engine in mlflow/mlflow
2023-12-1204:05:45
CWE-1336
@huntr_ai
www.cve.org
2
github repository
mlflow
template engine
cve-2023-6709
CVSS3
10
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS
0.001
Percentile
19.3%
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.
CNA Affected
[
{
"vendor": "mlflow",
"product": "mlflow/mlflow",
"versions": [
{
"version": "unspecified",
"lessThan": "2.9.2",
"status": "affected",
"versionType": "custom"
}
]
}
]Related
github
github
Jinja2 template injection in mlflow
2023-12-12 06:30:43
prion
prion
Input validation
2023-12-12 04:15:00
veracode
veracode
Arbitrary Code Execution
2023-12-13 17:23:27
osv
osv
BIT-mlflow-2023-6709
2024-03-06 10:57:27
Jinja2 template injection in mlflow
2023-12-12 06:30:43
CVE-2023-6709
2023-12-12 04:15:07
cve
cve
CVE-2023-6709
2023-12-12 04:15:07
nvd
nvd
CVE-2023-6709
2023-12-12 04:15:07
CVSS3
10
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS
0.001
Percentile
19.3%
Related for CVELIST:CVE-2023-6709