Lucene search
+L

184 matches found

NVD
NVD
added 2024/06/06 7:15 p.m.38 views

CVE-2024-2928

A Local File Inclusion LFI vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can...

7.5CVSS0.21847EPSS
Exploits2References2
PyPA
PyPA
added 2024/06/06 7:15 p.m.7 views

PYSEC-2024-242

A Local File Inclusion LFI vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can...

7.5CVSS6.5AI score0.21847EPSS
Exploits2References6Affected Software1
OSV
OSV
added 2024/06/06 7:15 p.m.52 views

PYSEC-2024-242

A Local File Inclusion LFI vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can...

7.5CVSS7.4AI score0.21847EPSS
Exploits2References6
CVE
CVE
added 2024/06/06 6:29 p.m.84 views

CVE-2024-2928

Summary: MLflow

7.5CVSS7.4AI score0.21847EPSS
Exploits2References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/06/02 12:0 a.m.12 views

PT-2024-19290 · Harbor · Harbor

Name of the Vulnerable Software and Affected Versions: Harbor versions 2.8.4 and earlier Harbor versions 2.9.2 and earlier Harbor versions 2.10.0 and earlier Description: The issue concerns an Open Redirect in Harbor under OIDC authentication mode, where a redirect url parameter in the URL can be...

6.1CVSS7.1AI score0.00364EPSS
Exploits0References9
CNVD
CNVD
added 2024/04/19 12:0 a.m.10 views

Mlflow Path Traversal Vulnerability (CNVD-2024-35608)

Mlflow is an open source platform for the machine learning lifecycle. Mlflow version 2.9.2 suffers from a path traversal vulnerability that stems from insufficient validation of user-supplied input. An attacker exploiting this vulnerability could access arbitrary files on the server...

7.5CVSS6.8AI score0.02718EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2024/04/16 12:30 a.m.2 views

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +344 more potentially affected by CVE-2024-1560 via mlflow (>=0.8.2 <=2.9.2)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2024-1560 Source advisory: OSV:GHSA-5MVJ-WMGJ-7Q8C...

8.1CVSS7.2AI score0.00856EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2024/04/16 12:30 a.m.49 views

mlflow vulnerable to Path Traversal

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the deleteartifactmlflowartifacts handler and localfileuritopath function, allowing for...

8.1CVSS8AI score0.00856EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2024/04/16 12:15 a.m.14 views

CVE-2024-1483

A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...

7.5CVSS7.5AI score0.02718EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/04/16 12:0 a.m.26 views

CVE-2024-1483 Path Traversal Vulnerability in mlflow/mlflow

A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...

7.5CVSS7.6AI score0.02718EPSS
Exploits1References1
OSV
OSV
added 2024/04/16 12:0 a.m.8 views

CVE-2024-1483 Path Traversal Vulnerability in mlflow/mlflow

A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...

7.5CVSS7.2AI score0.02718EPSS
Exploits1References3
CVE
CVE
added 2024/04/16 12:0 a.m.89 views

CVE-2024-1560

CVE-2024-1560 affects mlflow/mlflow prior to 2.9.2, in the artifact deletion path. A double decoding flaw in _delete_artifact_mlflow_artifacts and local_file_uri_to_path, via an extra unquote in delete_artifacts, allows path traversal and deletion of arbitrary server directories. Impact: high, wi...

8.1CVSS7.8AI score0.00856EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.4 views

Mlflow 路径遍历漏洞

Mlflow is an open source platform for machine learning lifecycles. A path traversal vulnerability exists in Mlflow version 2.9.2, which stems from an inability to properly clean up user-supplied paths, allowing an attacker to delete arbitrary directories on the server filesystem...

8.1CVSS8AI score0.00856EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/04/15 12:0 a.m.6 views

PT-2024-18084

Name of the Vulnerable Software and Affected Versions mlflow/mlflow version 2.9.2 Description A path traversal vulnerability exists, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted artifact location and source parameter...

7.5CVSS7.2AI score0.02718EPSS
Exploits1References13
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.5 views

Mlflow 路径遍历漏洞

Mlflow is an open source platform for machine learning lifecycles. A path traversal vulnerability exists in Mlflow version 2.9.2, which can be exploited by an attacker to read arbitrary files in the context of a server process...

7.5CVSS7.4AI score0.00712EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/02/19 12:0 a.m.6 views

PT-2024-19165 · Rke2 +2 · Rke2 +2

Name of the Vulnerable Software and Affected Versions: Rancher versions 2.7.0 through 2.7.14 Rancher versions 2.8.0 through 2.8.7 Rancher versions 2.9.0 through 2.9.1 Description: A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a...

9.9CVSS6.4AI score0.97781EPSS
Exploits21References145
OSV
OSV
added 2023/12/20 7:15 p.m.6 views

CVE-2023-40204

Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager.This issue affects Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager: from n/a through 2.9.2...

7.2CVSS5.8AI score0.00661EPSS
Exploits0References1
OSV
OSV
added 2023/12/20 6:30 a.m.50 views

GHSA-5R3Q-93Q3-F978 MLflow Path Traversal Vulnerability

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...

8.7CVSS5.9AI score0.89716EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/12/20 12:0 a.m.6 views

PT-2023-27322 · WordPress · Premio Folders

Name of the Vulnerable Software and Affected Versions: Premio Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager versions n/a through 2.9.2 Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which affects the Premio Folde...

9.1CVSS7.4AI score0.00661EPSS
Exploits0References6
OSV
OSV
added 2023/12/18 4:15 a.m.10 views

PYSEC-2023-252

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...

7.5CVSS7.1AI score0.89716EPSS
Exploits1References5
Rows per page
Query Builder