6 matches found
CVE-2024-1483
A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...
BIT-MLFLOW-2024-1483 Path Traversal Vulnerability in mlflow/mlflow
A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...
PYSEC-2024-242
A Local File Inclusion LFI vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can...
CVE-2024-1483 Path Traversal Vulnerability in mlflow/mlflow
A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...
GHSA-554W-XH4J-8W64 Path traversal in MLflow
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...
PYSEC-2023-253
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...