Lucene search
K

1248 matches found

Veracode
Veracode
added 2024/04/17 9:17 a.m.26 views

Local File Inclusion (LFI)

mlflow is vulnerable to Local File Inclusion LFI. The vulnerability is due to improper parsing of URIs within the function islocaluri in uri.py,, which allows an attackers to read arbitrary files on the system...

9.3CVSS6.8AI score0.00733EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2024/04/17 7:35 a.m.16 views

Path Traversal

MLflow is vulnerable to a path traversal attack. The vulnerability is due to improper handling of the artifactlocation parameter when creating an experiment, allowing attackers to exploit the fragment component of the URI to read arbitrary files on the server in the context of the server's proces...

7.5CVSS7AI score0.00712EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2024/04/17 7:33 a.m.16 views

Path Traversal

mlflow is vulnerable to a path traversal vulnerability. The vulnerability is due to an extra unquote operation in the deleteartifacts function of localartifactrepo.py, which fails to properly sanitize user-supplied paths. Attackers can exploit the double decoding process in the...

8.1CVSS7.2AI score0.00856EPSS
Exploits1References2Affected Software1
vulnersOsv
vulnersOsv
added 2024/04/16 12:30 a.m.3 views

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +148 more potentially affected by CVE-2024-3573 via mlflow (>=0.8.2 <=2.0.1)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =3.0.0, =0.1.0, =0.3.5, =0.8.0, =0.0.4, =0.0.7 and more Source cves: CVE-2024-3573 Source advisory: OSV:GHSA-HQ88-WG7Q-GP4G...

9.3CVSS7.2AI score0.00733EPSS
Exploits1
OSV
OSV
added 2024/04/16 12:30 a.m.13 views

GHSA-HQ88-WG7Q-GP4G mlflow vulnerable to Path Traversal

mlflow/mlflow is vulnerable to Local File Inclusion LFI due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'islocaluri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the...

9.3CVSS9.2AI score0.00733EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2024/04/16 12:30 a.m.27 views

mlflow vulnerable to Path Traversal

mlflow/mlflow is vulnerable to Local File Inclusion LFI due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'islocaluri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the...

9.3CVSS9.2AI score0.00733EPSS
Exploits1References5Affected Software1
vulnersOsv
vulnersOsv
added 2024/04/16 12:30 a.m.4 views

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +344 more potentially affected by CVE-2024-1594 via mlflow (>=0.8.2 <=2.9.2)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2024-1594 Source advisory: OSV:GHSA-M49C-5C52-6696...

7.5CVSS7AI score0.00712EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/04/16 12:30 a.m.2 views

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +344 more potentially affected by CVE-2024-1593 via mlflow (>=0.8.2 <=2.9.2)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2024-1593 Source advisory: OSV:GHSA-F42M-MVFV-CGW5...

7.5CVSS7AI score0.00695EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/04/16 12:30 a.m.2 views

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +344 more potentially affected by CVE-2024-1560 via mlflow (>=0.8.2 <=2.9.2)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2024-1560 Source advisory: OSV:GHSA-5MVJ-WMGJ-7Q8C...

8.1CVSS7.2AI score0.00856EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/04/16 12:30 a.m.5 views

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +162 more potentially affected by CVE-2024-1558 via mlflow (>=0.8.2 <=2.11.3)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =3.0.0, =0.1.0, =0.3.5, =0.8.0, =1.2.0, =1.9.30 and more Source cves: CVE-2024-1558 Source advisory: OSV:GHSA-J62R-WXQQ-F3GF...

7.5CVSS7AI score0.00859EPSS
Exploits1
OSV
OSV
added 2024/04/16 12:30 a.m.15 views

GHSA-J62R-WXQQ-F3GF mlflow vulnerable to Path Traversal

A path traversal vulnerability exists in the createmodelversion function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...

7.5CVSS7.3AI score0.00859EPSS
Exploits1References3
OSV
OSV
added 2024/04/16 12:30 a.m.2 views

GHSA-5MVJ-WMGJ-7Q8C mlflow vulnerable to Path Traversal

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the deleteartifactmlflowartifacts handler and localfileuritopath function, allowing for...

8.1CVSS7.2AI score0.00856EPSS
Exploits1References3
OSV
OSV
added 2024/04/16 12:30 a.m.3 views

GHSA-M49C-5C52-6696 mlflow vulnerable to Path Traversal

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifactlocation parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...

7.5CVSS6AI score0.00712EPSS
Exploits1References4
OSV
OSV
added 2024/04/16 12:30 a.m.2 views

GHSA-F42M-MVFV-CGW5 mlflow vulnerable to Path Traversal

A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. Th...

7.5CVSS6AI score0.00695EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2024/04/16 12:30 a.m.46 views

mlflow vulnerable to Path Traversal

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the deleteartifactmlflowartifacts handler and localfileuritopath function, allowing for...

8.1CVSS8AI score0.00856EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/16 12:30 a.m.43 views

mlflow vulnerable to Path Traversal

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifactlocation parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...

7.5CVSS7.3AI score0.00712EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/16 12:30 a.m.19 views

mlflow vulnerable to Path Traversal

A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. Th...

7.5CVSS7.5AI score0.00695EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/16 12:30 a.m.19 views

mlflow vulnerable to Path Traversal

A path traversal vulnerability exists in the createmodelversion function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...

7.5CVSS6.7AI score0.00859EPSS
Exploits1References3Affected Software1
vulnersOsv
vulnersOsv
added 2024/04/16 12:30 a.m.3 views

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +162 more potentially affected by CVE-2024-1483 via mlflow (>=0.8.2 <=2.11.3)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =3.0.0, =0.1.0, =0.3.5, =0.8.0, =1.2.0, =1.9.30 and more Source cves: CVE-2024-1483 Source advisory: OSV:GHSA-F82R-JJ5R-6G97...

7.5CVSS7AI score0.02718EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2024/04/16 12:30 a.m.25 views

mlflow Path Traversal vulnerability

A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...

7.5CVSS7AI score0.02718EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder