1248 matches found
Local File Inclusion (LFI)
mlflow is vulnerable to Local File Inclusion LFI. The vulnerability is due to improper parsing of URIs within the function islocaluri in uri.py,, which allows an attackers to read arbitrary files on the system...
Path Traversal
MLflow is vulnerable to a path traversal attack. The vulnerability is due to improper handling of the artifactlocation parameter when creating an experiment, allowing attackers to exploit the fragment component of the URI to read arbitrary files on the server in the context of the server's proces...
Path Traversal
mlflow is vulnerable to a path traversal vulnerability. The vulnerability is due to an extra unquote operation in the deleteartifacts function of localartifactrepo.py, which fails to properly sanitize user-supplied paths. Attackers can exploit the double decoding process in the...
a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +148 more potentially affected by CVE-2024-3573 via mlflow (>=0.8.2 <=2.0.1)
mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =3.0.0, =0.1.0, =0.3.5, =0.8.0, =0.0.4, =0.0.7 and more Source cves: CVE-2024-3573 Source advisory: OSV:GHSA-HQ88-WG7Q-GP4G...
GHSA-HQ88-WG7Q-GP4G mlflow vulnerable to Path Traversal
mlflow/mlflow is vulnerable to Local File Inclusion LFI due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'islocaluri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the...
mlflow vulnerable to Path Traversal
mlflow/mlflow is vulnerable to Local File Inclusion LFI due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'islocaluri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the...
a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +344 more potentially affected by CVE-2024-1594 via mlflow (>=0.8.2 <=2.9.2)
mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2024-1594 Source advisory: OSV:GHSA-M49C-5C52-6696...
a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +344 more potentially affected by CVE-2024-1593 via mlflow (>=0.8.2 <=2.9.2)
mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2024-1593 Source advisory: OSV:GHSA-F42M-MVFV-CGW5...
a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +344 more potentially affected by CVE-2024-1560 via mlflow (>=0.8.2 <=2.9.2)
mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2024-1560 Source advisory: OSV:GHSA-5MVJ-WMGJ-7Q8C...
a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +162 more potentially affected by CVE-2024-1558 via mlflow (>=0.8.2 <=2.11.3)
mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =3.0.0, =0.1.0, =0.3.5, =0.8.0, =1.2.0, =1.9.30 and more Source cves: CVE-2024-1558 Source advisory: OSV:GHSA-J62R-WXQQ-F3GF...
GHSA-J62R-WXQQ-F3GF mlflow vulnerable to Path Traversal
A path traversal vulnerability exists in the createmodelversion function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...
GHSA-5MVJ-WMGJ-7Q8C mlflow vulnerable to Path Traversal
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the deleteartifactmlflowartifacts handler and localfileuritopath function, allowing for...
GHSA-M49C-5C52-6696 mlflow vulnerable to Path Traversal
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifactlocation parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...
GHSA-F42M-MVFV-CGW5 mlflow vulnerable to Path Traversal
A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. Th...
mlflow vulnerable to Path Traversal
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the deleteartifactmlflowartifacts handler and localfileuritopath function, allowing for...
mlflow vulnerable to Path Traversal
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifactlocation parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...
mlflow vulnerable to Path Traversal
A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. Th...
mlflow vulnerable to Path Traversal
A path traversal vulnerability exists in the createmodelversion function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...
a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +162 more potentially affected by CVE-2024-1483 via mlflow (>=0.8.2 <=2.11.3)
mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =3.0.0, =0.1.0, =0.3.5, =0.8.0, =1.2.0, =1.9.30 and more Source cves: CVE-2024-1483 Source advisory: OSV:GHSA-F82R-JJ5R-6G97...
mlflow Path Traversal vulnerability
A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...