184 matches found
CVE-2024-2928
A Local File Inclusion LFI vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can...
PYSEC-2024-242
A Local File Inclusion LFI vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can...
PYSEC-2024-242
A Local File Inclusion LFI vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can...
CVE-2024-2928
Summary: MLflow
PT-2024-19290 · Harbor · Harbor
Name of the Vulnerable Software and Affected Versions: Harbor versions 2.8.4 and earlier Harbor versions 2.9.2 and earlier Harbor versions 2.10.0 and earlier Description: The issue concerns an Open Redirect in Harbor under OIDC authentication mode, where a redirect url parameter in the URL can be...
Mlflow Path Traversal Vulnerability (CNVD-2024-35608)
Mlflow is an open source platform for the machine learning lifecycle. Mlflow version 2.9.2 suffers from a path traversal vulnerability that stems from insufficient validation of user-supplied input. An attacker exploiting this vulnerability could access arbitrary files on the server...
a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +344 more potentially affected by CVE-2024-1560 via mlflow (>=0.8.2 <=2.9.2)
mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2024-1560 Source advisory: OSV:GHSA-5MVJ-WMGJ-7Q8C...
mlflow vulnerable to Path Traversal
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the deleteartifactmlflowartifacts handler and localfileuritopath function, allowing for...
CVE-2024-1483
A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...
CVE-2024-1483 Path Traversal Vulnerability in mlflow/mlflow
A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...
CVE-2024-1483 Path Traversal Vulnerability in mlflow/mlflow
A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...
CVE-2024-1560
CVE-2024-1560 affects mlflow/mlflow prior to 2.9.2, in the artifact deletion path. A double decoding flaw in _delete_artifact_mlflow_artifacts and local_file_uri_to_path, via an extra unquote in delete_artifacts, allows path traversal and deletion of arbitrary server directories. Impact: high, wi...
Mlflow 路径遍历漏洞
Mlflow is an open source platform for machine learning lifecycles. A path traversal vulnerability exists in Mlflow version 2.9.2, which stems from an inability to properly clean up user-supplied paths, allowing an attacker to delete arbitrary directories on the server filesystem...
PT-2024-18084
Name of the Vulnerable Software and Affected Versions mlflow/mlflow version 2.9.2 Description A path traversal vulnerability exists, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted artifact location and source parameter...
Mlflow 路径遍历漏洞
Mlflow is an open source platform for machine learning lifecycles. A path traversal vulnerability exists in Mlflow version 2.9.2, which can be exploited by an attacker to read arbitrary files in the context of a server process...
PT-2024-19165 · Rke2 +2 · Rke2 +2
Name of the Vulnerable Software and Affected Versions: Rancher versions 2.7.0 through 2.7.14 Rancher versions 2.8.0 through 2.8.7 Rancher versions 2.9.0 through 2.9.1 Description: A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a...
CVE-2023-40204
Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager.This issue affects Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager: from n/a through 2.9.2...
GHSA-5R3Q-93Q3-F978 MLflow Path Traversal Vulnerability
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...
PT-2023-27322 · WordPress · Premio Folders
Name of the Vulnerable Software and Affected Versions: Premio Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager versions n/a through 2.9.2 Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which affects the Premio Folde...
PYSEC-2023-252
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...