1231 matches found
PT-2024-18156 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: mlflow/mlflow affected versions not specified Description: A path traversal issue exists due to improper handling of URL parameters. Attackers can manipulate the 'params' portion of the URL by smuggling path traversal sequences using the ';'...
PT-2024-18131 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: mlflow versions prior to 2.9.3 Description: A path traversal issue exists in the artifact deletion functionality of the mlflow repository. This is due to an extra unquote operation in the delete_artifacts function of local_artifact_repo.py,...
Mlflow Path Traversal Vulnerability
Mlflow is an open source platform for the machine learning lifecycle. A path traversal vulnerability exists in Mlflow version 2.9.2, which stems from a failure to properly sanitize user-supplied paths, allowing an attacker to delete arbitrary directories on the server filesystem...
Mlflow Path Traversal Vulnerability
Mlflow is an open source platform for the machine learning lifecycle. Mlflow version 2.9.2 suffers from a path traversal vulnerability that stems from insufficient validation of user-supplied input. An attacker exploiting this vulnerability could access arbitrary files on the server...
PT-2024-18157 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: mlflow/mlflow affected versions not specified Description: A path traversal issue exists in the handling of the artifact location parameter when creating an experiment. Attackers can exploit this by using a fragment component in the artifact...
BIT-MLFLOW-2024-27132 Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables...
BIT-MLFLOW-2024-27133 Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset.
Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...
CVE-2023-6014
creationtimestamp| type| source
---|---|---
2024-03-27 16:42:02+00:00| published-proof-of-concept| https://github.com/google/tsunami-security-scanner-plugins/tree/master/community/detectors/mlflowcve20236014...
BIT-MLFLOW-2022-0736 Insecure Temporary File in mlflow/mlflow
Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1...
BIT-MLFLOW-2023-1176 Absolute Path Traversal in mlflow/mlflow
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2...
BIT-MLFLOW-2023-2356 Relative Path Traversal in mlflow/mlflow
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1...
BIT-MLFLOW-2023-2780 Path Traversal: '\..\filename' in mlflow/mlflow
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1...
BIT-MLFLOW-2023-30172
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter...
BIT-MLFLOW-2023-3765 Absolute Path Traversal in mlflow/mlflow
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0...
BIT-MLFLOW-2023-43472
An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API...
BIT-MLFLOW-2023-6014
An attacker is able to arbitrarily create an account in MLflow, bypassing any authentication requirement...
BIT-MLFLOW-2023-6015 MLflow Arbitrary File Upload
MLflow allowed arbitrary files to be PUT onto the server...
BIT-MLFLOW-2023-6018
An attacker can overwrite any file on the server hosting MLflow without any authentication...
BIT-MLFLOW-2023-6568 Reflected XSS via Content-Type Header in mlflow/mlflow
A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the us...
BIT-MLFLOW-2023-6709 Improper Neutralization of Special Elements Used in a Template Engine in mlflow/mlflow
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2...