1231 matches found

vulnersOsv
added 2023/12/20 6:30 a.m. | 1 views

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +340 more potentially affected by CVE-2023-6977 via mlflow (>=0.8.2 <=2.9.1)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-6977 Source advisory: OSV:GHSA-QG8P-32GR-GH6X...

10 CVSS | 7.5 AI score | 0.03924 EPSS
Exploits 2
OSV
added 2023/12/20 6:30 a.m. | 1 views

GHSA-59V3-898R-QWHJ MLflow Server-Side Request Forgery (SSRF)

A malicious user could use this issue to access internal HTTPS servers and, in the worst case (i.e., an AWS instance), it could be abused to get remote code execution on the victim machine...

9.8 CVSS | 6.4 AI score | 0.01507 EPSS
Exploits 1 | References 4
vulnersOsv
added 2023/12/20 6:30 a.m. | 0 views

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +340 more potentially affected by CVE-2023-6976 via mlflow (>=0.8.2 <=2.9.1)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-6976 Source advisory: OSV:GHSA-WV8Q-4F85-2P8P...

8.8 CVSS | 7.6 AI score | 0.01008 EPSS
Exploits 1
Github Security Blog
added 2023/12/20 6:30 a.m. | 20 views

MLFlow Path Traversal Vulnerability

A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information...

9.8 CVSS | 7.3 AI score | 0.02013 EPSS
Exploits 1 | References 4 | Affected Software 1
Github Security Blog
added 2023/12/20 6:30 a.m. | 32 views

MLflow Local File Disclosure Vulnerability

This vulnerability enables malicious users to read sensitive files on the server...

10 CVSS | 6.8 AI score | 0.03924 EPSS
Exploits 2 | References 4 | Affected Software 1
Github Security Blog
added 2023/12/20 6:30 a.m. | 26 views

MLflow Server-Side Request Forgery (SSRF)

A malicious user could use this issue to access internal HTTPS servers and, in the worst case (i.e., an AWS instance), it could be abused to get remote code execution on the victim machine...

9.8 CVSS | 8.9 AI score | 0.01507 EPSS
Exploits 1 | References 4 | Affected Software 1
Github Security Blog
added 2023/12/20 6:30 a.m. | 18 views

MLflow Path Traversal Vulnerability

This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process...

8.8 CVSS | 7.3 AI score | 0.01008 EPSS
Exploits 1 | References 4 | Affected Software 1
Github Security Blog
added 2023/12/20 6:30 a.m. | 36 views

MLflow Path Traversal Vulnerability

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...

7.5 CVSS | 7.1 AI score | 0.89716 EPSS
Exploits 1 | References 5 | Affected Software 1
vulnersOsv
added 2023/12/20 6:30 a.m. | 3 views

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +340 more potentially affected by CVE-2023-6909 via mlflow (>=0.8.2 <=2.9.1)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-6909 Source advisory: OSV:GHSA-5R3Q-93Q3-F978...

7.5 CVSS | 7.1 AI score | 0.89716 EPSS
Exploits 1
OSV
added 2023/12/20 6:30 a.m. | 2 views

GHSA-HH8P-P8MP-GQHM MLFlow Path Traversal Vulnerability

A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information...

9.8 CVSS | 6.1 AI score | 0.02013 EPSS
Exploits 1 | References 4
OSV
added 2023/12/20 6:30 a.m. | 1 views

GHSA-QG8P-32GR-GH6X MLflow Local File Disclosure Vulnerability

This vulnerability enables malicious users to read sensitive files on the server...

7.5 CVSS | 7.2 AI score | 0.03924 EPSS
Exploits 2 | References 4
OSV
added 2023/12/20 6:30 a.m. | 0 views

GHSA-5R3Q-93Q3-F978 MLflow Path Traversal Vulnerability

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...

8.7 CVSS | 5.9 AI score | 0.89716 EPSS
Exploits 1 | References 5
OSV
added 2023/12/20 6:30 a.m. | 2 views

GHSA-WV8Q-4F85-2P8P MLflow Path Traversal Vulnerability

This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process...

8.8 CVSS | 7.3 AI score | 0.01008 EPSS
Exploits 1 | References 4
CNNVD
added 2023/12/20 12:0 a.m. | 5 views

Mlflow Security Vulnerabilities

Mlflow is an open source platform for the machine learning lifecycle. A security vulnerability exists in Mlflow versions prior to 2.9.2 that stems from allowing an attacker to read sensitive files on the server...

10 CVSS | 6.6 AI score | 0.03924 EPSS
Exploits 2 | References 2
CNNVD
added 2023/12/20 12:0 a.m. | 4 views

Mlflow Code Issue Vulnerability

Mlflow is an open source platform for machine learning lifecycle. A code issue vulnerability exists in Mlflow. An attacker could exploit this vulnerability to write arbitrary files to an arbitrary location on a remote file system in a server process environment...

8.8 CVSS | 7.2 AI score | 0.01008 EPSS
Exploits 1 | References 2
CNNVD
added 2023/12/20 12:0 a.m. | 1 views

Mlflow Security Vulnerabilities

Mlflow is an open source platform for machine learning lifecycles. A security vulnerability exists in Mlflow. An attacker exploited the vulnerability to execute commands and access data and model information on a vulnerable computer...

9.8 CVSS | 7 AI score | 0.02013 EPSS
Exploits 1 | References 2
CNNVD
added 2023/12/20 12:0 a.m. | 4 views

Mlflow Code Issue Vulnerability

Mlflow is an open source platform for machine learning lifecycle. Mlflow suffers from a code issue vulnerability. An attacker exploiting this vulnerability could remotely execute code on a victim computer...

9.8 CVSS | 7.2 AI score | 0.01507 EPSS
Exploits 1 | References 2
Veracode
added 2023/12/19 8:40 a.m. | 20 views

Directory Traversal

mlflow is vulnerable to Directory Traversal. The vulnerability exists in the validate_path_is_safe function within uri.py which allows an attacker to read or write to files outside of the restricted directory using a crafted file path...

7.5 CVSS | 6.6 AI score | 0.89716 EPSS
Exploits 1 | References 4 | Affected Software 1
OSV
added 2023/12/19 3:30 a.m. | 1 views

GHSA-HVC6-42VF-JHF8 mlflow Command Injection vulnerability

with only one user interaction (download a malicious config), attackers can gain full command execution on the victim system...

8.8 CVSS | 7.4 AI score | 0.01219 EPSS
Exploits 0 | References 7
Github Security Blog
added 2023/12/19 3:30 a.m. | 17 views

mlflow Command Injection vulnerability

with only one user interaction (download a malicious config), attackers can gain full command execution on the victim system...

9 CVSS | 7.5 AI score | 0.01219 EPSS
Exploits 0 | References 7 | Affected Software 1