Mlflow Path Traversal Vulnerability
Mlflow is an open source platform for machine learning lifecycles. A path traversal vulnerability exists in Mlflow versions prior to 2.9.2, which stems from the ability to write arbitrary files while loading a dataset...
Jinja2 template injection in mlflow
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2...
a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +340 more potentially affected by CVE-2023-6709 via mlflow (>=0.8.2 <=2.9.1)
mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-6709 Source advisory: OSV:GHSA-CXFR-5Q3R-2RC2...
GHSA-CXFR-5Q3R-2RC2 Jinja2 template injection in mlflow
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2...
CVE-2023-6709
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2...
PYSEC-2023-281
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2...
a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +340 more potentially affected by CVE-2023-6709 via mlflow (>=0.8.2 <=2.9.1)
mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-6709 Source advisory: OSV:PYSEC-2023-281...
CVE-2023-6709 Improper Neutralization of Special Elements Used in a Template Engine in mlflow/mlflow
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2...
PT-2023-32757 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: mlflow/mlflow versions prior to 2.9.2 Description: The issue is related to Path Traversal in the GitHub repository mlflow/mlflow. Recommendations: For versions prior to 2.9.2, update to version 2.9.2 or later to resolve the issue...
Mlflow Security Vulnerabilities
Mlflow is an open source platform for machine learning lifecycles. A security vulnerability exists in Mlflow versions prior to 2.9.2 that stems from incorrect neutralization of special elements used in the template engine...
PT-2023-32744 · Jinja2 +1 · Jinja2 +1
Name of the Vulnerable Software and Affected Versions: mlflow/mlflow versions prior to 2.9.2 Description: The issue is related to improper neutralization of special elements used in a template engine. This can lead to remote code execution due to jinja2 SSTI in MLflow. Recommendations: For versio...
Cross Site Scripting (XSS)
mlflow is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of proper sanitization and escaping of user inputs in the Content-Type header of POST requests. An attacker can exploit this vulnerability by injecting malicious code into the header, which will then be...
a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +339 more potentially affected by CVE-2023-6568 via mlflow (>=0.8.2 <=2.8.1)
mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-6568 Source advisory: OSV:GHSA-VWHF-3V6X-WFF8...
GHSA-VWHF-3V6X-WFF8 Cross-site Scripting (XSS) in MLflow
A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the us...
Cross-site Scripting (XSS) in MLflow
A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the us...
CVE-2023-6568
A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the us...
a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +340 more potentially affected by CVE-2023-6568 via mlflow (>=0.8.2 <=2.9.0)
mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-6568 Source advisory: OSV:PYSEC-2023-260...