1231 matches found
PT-2023-22565 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: mlflow versions prior to 2.0.1 Description: A directory traversal issue in the "/get-artifact" API method allows attackers to read arbitrary files on the server via the path parameter. Recommendations: For versions prior to 2.0.1, update to...
CVE-2023-30172
CVE-2023-30172 describes a directory traversal in the mlflow platform’s /get-artifact API, allowing an attacker to read arbitrary server files via the path parameter. Affected: mlflow up to v2.0.1. Underlying cause: directory traversal in the get-artifact endpoint. Impact is high on confidentiali...
CVE-2023-30172
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter...
Path Traversal
mlflow is vulnerable to Path Traversal. The vulnerability exists due to improper source validation in the _validate_source function of handlers.py, which allows an attacker to access files outside the expected directory through relative paths...
GHSA-83FM-W79M-64R5 Remote file access vulnerability in `mlflow server` and `mlflow ui` CLIs
Impact: Users of the MLflow Open Source Project who are hosting the MLflow Model Registry using the mlflow server or mlflow ui commands using an MLflow version older than MLflow 2.3.1 may be vulnerable to a remote file access exploit if they are not limiting who can query their server for example,...
Remote file access vulnerability in `mlflow server` and `mlflow ui` CLIs
Impact: Users of the MLflow Open Source Project who are hosting the MLflow Model Registry using the mlflow server or mlflow ui commands using an MLflow version older than MLflow 2.3.1 may be vulnerable to a remote file access exploit if they are not limiting who can query their server for example,...
a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +322 more potentially affected by unknown CVE via mlflow (>=0.8.2 <=2.3.0)
mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-83FM-W79M-64R5...
Multiple command injections in `mlflow models` CLI action
Description: The mlflow CLI executable is vulnerable to a command injection attack in the mlflow models predict and mlflow models serve actions. The aforementioned actions are defined in file mlflow\models\cli.py, and use the vulnerable predict and serve methods of a dynamically resolved instance of...
Multiple path traversals on Windows hosts
Description: The validate_path_is_safe function in file /mlflow/server/handlers.py, introduced in PR 7891 on Feb 24th, 2023, does not account for the Windows absolute path format, and thus can be bypassed on MLflow servers running on Windows hosts, exposing them to a number of high-impact directory traversal...
a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +322 more potentially affected by CVE-2023-2356 via mlflow (>=0.8.2 <=2.3.0)
mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-2356 Source advisory: OSV:GHSA-X422-6QHV-P29G...
GHSA-X422-6QHV-P29G Relative path traversal in mlflow
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1...
Relative path traversal in mlflow
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1...
CVE-2023-2356
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1...
a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +322 more potentially affected by CVE-2023-2356 via mlflow (>=0.8.2 <=2.3.0)
mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-2356 Source advisory: OSV:PYSEC-2023-68...
Path traversal
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1...
PYSEC-2023-68
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1...
PYSEC-2023-68
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1...
CVE-2023-2356 Relative Path Traversal in mlflow/mlflow
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1...
CVE-2023-2356 Relative Path Traversal in mlflow/mlflow
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1...
PT-2023-19040 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: mlflow versions prior to 2.3.1 Description: The issue is related to a Relative Path Traversal in the GitHub repository mlflow/mlflow. Recommendations: For versions prior to 2.3.1, update to version 2.3.1 or later to resolve the issue...