14 matches found
Mlflow < 2.11.0 - Path Traversal
A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...
CVE-2026-0573
An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repositorypages API insecurely followed HTTP redirects when fetching artifact URLs, preserving the authorization header containing a...
PT-2026-20495
Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.19 GitHub Enterprise Server versions 3.19.2 GitHub Enterprise Server versions 3.18.4 GitHub Enterprise Server versions 3.17.10 GitHub Enterprise Server versions 3.16.13 GitHub Enterprise Server...
Linux Distros Unpatched Vulnerability : CVE-2022-41606
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash clie...
CVE-2021-39900
Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs...
BIT-MLFLOW-2024-3848 Path Traversal Bypass in mlflow/mlflow
A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...
Path Traversal
mlflow is vulnerable to Path Traversal. The vulnerability is due to improper validation of artifact URLs, particularly in handling the fragment part of the URL. Attackers can exploit this by inserting a 'character, allowing the artifact to bypass validation, resulting an arbitrary file access on...
GHSA-RFQQ-WQ6W-72JM MLflow has a Local File Read/Path Traversal bypass
A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...
CVE-2024-3848 Path Traversal Bypass in mlflow/mlflow
A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...
CVE-2024-3848 Path Traversal Bypass in mlflow/mlflow
A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...
GitLab Information Disclosure Vulnerability (CNVD-2021-84596)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An information disclosure vulnerability exists in GitLab...
UBUNTU-CVE-2021-39900
Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs...
GitLab 日志信息泄露漏洞
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An information disclosure vulnerability exists in GitLab...
PT-2021-22747 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 10.8 and later Description: The issue allows for information disclosure from SendEntry in GitLab, exposing the full URL of artifacts stored in object-storage. This exposure occurs via Rails logs and is temporary...