Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 5:16 a.m.8 views

CVE-2024-1483

A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...

7.5CVSS7.4AI score0.02718EPSS
Exploits1References1
OSV
OSV
added 2025/02/04 7:22 a.m.7 views

BIT-MLFLOW-2024-1483 Path Traversal Vulnerability in mlflow/mlflow

A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...

7.5CVSS7.3AI score0.02718EPSS
Exploits1References2
PyPA
PyPA
added 2024/06/06 7:15 p.m.7 views

PYSEC-2024-242

A Local File Inclusion LFI vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can...

7.5CVSS6.5AI score0.21847EPSS
Exploits2References6Affected Software1
OSV
OSV
added 2024/04/16 12:0 a.m.7 views

CVE-2024-1483 Path Traversal Vulnerability in mlflow/mlflow

A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...

7.5CVSS7.2AI score0.02718EPSS
Exploits1References3
OSV
OSV
added 2023/12/15 3:30 a.m.1 views

GHSA-554W-XH4J-8W64 Path traversal in MLflow

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...

10CVSS7.1AI score0.0329EPSS
Exploits1References5
PyPA
PyPA
added 2023/12/15 1:15 a.m.5 views

PYSEC-2023-253

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...

8.1CVSS6.8AI score0.0329EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder