CVE-2025-15031 Path Traversal Vulnerability in mlflow/mlflow
A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of tarfile.extractall without path validation enables crafted tar.gz files containing .. or absolute paths to escape the intended extractio...
EUVD-2021-2283
Malware in sbrugna...
BIT-KUSTOMIZE-2021-41254 Privilege escalation to cluster admin on multi-tenant environments
kustomize-controller is a Kubernetes operator, specialized in running continuous delivery pipelines for infrastructure and workloads defined with Kubernetes manifests and assembled with Kustomize. Users that can create Kubernetes Secrets, Service Accounts and Flux Kustomization objects, could...
PT-2021-4880 · Kyverno +1 · Kyverno +4
Name of the Vulnerable Software and Affected Versions: kustomize-controller versions prior to 0.15.0
Description: The issue is related to the kustomize-controller, a Kubernetes operator for running continuous delivery pipelines. It allows users who can create Kubernetes Secrets, Service Accounts,...