CVE-2025-15036 Path Traversal Vulnerability in mlflow/mlflow

A path traversal vulnerability exists in the extractarchivetodir function within the mlflow/pyfunc/dbconnectartifactcache.py file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An...

MLflow Tarfile Path traversal in mlflow/mlflow

Description Vulnerability Report: Unsafe Tar Extraction Path Traversal Due to the lack of path traversal verification in the tar decompression part, it may lead to the possibility of overwriting any file or gaining elevated privileges. This is a non-expected vulnerability. Location File:...

CVE-2024-54143

openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only 12 characters. This significantly reduces entropy, making it feasible for an attacker to generate collisions. By exploiting this, a previously built malicious...

Use of Weak Hash

Overview asu is an An image on demand server for OpenWrt based distributions Affected versions of this package are vulnerable to Use of Weak Hash which allows the ASU server to be polluted with malicious firmware images. Due to the low entropy employed when only 12 characters are used from the...

CVE-2024-54143 openwrt/asu allows build artifact poisoning via truncated SHA-256 hash and command injection

openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only 12 characters. This significantly reduces entropy, making it feasible for an attacker to generate collisions. By exploiting this, a previously built malicious...