1231 matches found
GHSA-HVC6-42VF-JHF8 mlflow Command Injection vulnerability
With only one user interaction (downloading a malicious config), attackers can gain full command execution on the victim system...
PT-2023-32831 · Bitnami +4 · Mlflow +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information. Recommendations: A...
Path Traversal
mlflow is vulnerable to Path Traversal. The vulnerability is due to improper path validation or sanitization of uploaded files. This issue can be exploited by an attacker to delete arbitrary files on the filesystem, resulting in Denial of Service...
CVE-2023-6909
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...
Path traversal
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...
a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +340 more potentially affected by CVE-2023-6909 via mlflow (>=0.8.2 <=2.9.1)
mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-6909 Source advisory: OSV:PYSEC-2023-252...
PYSEC-2023-252
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...
PYSEC-2023-252
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...
CVE-2023-6909 Path Traversal: '\..\filename' in mlflow/mlflow
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...
CVE-2023-6909
Mlflow up to version 2.9.2 is affected by CVE-2023-6909: a path traversal in the repository mlflow/mlflow allows escaping to read sensitive files via the sequence \..\filename. The vulnerability affects the mlflow/mlflow project prior to 2.9.2 and is classified as CWE-29. Impact in the NVD/NVD-de...
PT-2023-32825 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: MLflow affected versions not specified Description: The issue allows attackers to gain full command execution on the victim system with only one user interaction, which involves downloading a malicious config. This is related to a Command...
mlflow Command Injection Vulnerability
Mlflow is an open source platform for machine learning lifecycles. Mlflow suffers from a command injection vulnerability that stems from the ability to bypass the jinja2 SSTI, which can be exploited by an attacker to gain full command execution privileges on the victim's system...
PT-2023-32817 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: mlflow versions prior to 2.9.2 Description: The issue concerns a path traversal vulnerability. It involves the use of '..filename' in the GitHub repository mlflow/mlflow. Recommendations: For versions prior to 2.9.2, update to version 2.9.2 o...
mlflow Security Vulnerabilities
Mlflow is an open source platform for machine learning lifecycles. A security vulnerability exists in mlflow versions prior to 2.9.2 that stems from the presence of a path traversal issue...
a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +340 more potentially affected by CVE-2023-6831 via mlflow (>=0.8.2 <=2.9.1)
mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-6831 Source advisory: OSV:GHSA-554W-XH4J-8W64...
GHSA-554W-XH4J-8W64 Path traversal in MLflow
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...
Path traversal in MLflow
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...
CVE-2023-6831
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...