5 matches found

Circl
added 2023/12/30 3:1 p.m., 1 views

CVE-2023-6568

creationtimestamp | type | source
---|---|---
2023-12-30 15:01:54+00:00 | seen | https://t.me/ctinow/160885...

CVSS 6.5, AI score 6.1, EPSS 0.33351
Exploits 1, References 1
vulnersOsv
added 2023/12/07 6:30 a.m., 0 views

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +337 more potentially affected by CVE-2023-6568 via mlflow (>=0.8.2 <=2.8.1)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 - apache-submarine =0.6.0 and more Source cves: CVE-2023-6568 Source advisory: OSV:GHSA-VWHF-3V6X-WFF8...

CVSS 6.5, AI score 6.5, EPSS 0.33351
Exploits 1
OSV
added 2023/12/07 5:15 a.m., 13 views

CVE-2023-6568

A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the us...

CVSS 6.1, AI score 5.3
Exploits 0, References 2
vulnersOsv
added 2023/12/07 5:15 a.m., 1 views

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +337 more potentially affected by CVE-2023-6568 via mlflow (>=0.8.2 <=2.9.0)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 - apache-submarine =0.6.0 and more Source cves: CVE-2023-6568 Source advisory: OSV:PYSEC-2023-260...

CVSS 6.5, AI score 6.5, EPSS 0.33351
Exploits 1
CVE
added 2023/12/07 4:54 a.m., 94 views

CVE-2023-6568

MLflow XSS (CVE-2023-6568): A reflected XSS exists in mlflow/mlflow due to how the Content-Type header from POST requests is handled. The vulnerability is in mlflow/server/auth/__init__.py, where user-supplied Content-Type is directly inserted into a Python-formatted string and returned, allowing a...

CVSS 6.5, AI score 5.9, EPSS 0.33351
Exploits 1, References 2, Affected Software 1