
13 matches found

CNNVD
added 2026/06/10 12:0 a.m. · 11 views

Debusine security vulnerability

Debusine is a software supply chain management platform for the Debian community, focused on package building, testing, analysis, and distribution. There is a security vulnerability in Debusine, which stems from the lack of permission checks performed on endpoints related to the creation and...

CVSS 6.5 · AI score 5.3 · EPSS 0.00199
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-1104

Malicious code in bioql PyPI...

CVSS 8.1 · AI score 8 · EPSS 0.00856
Exploits: 1 · References: 3

RedhatCVE
added 2025/02/05 5:18 a.m. · 8 views

CVE-2024-1560

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the _delete_artifact_mlflow_artifacts handler and local_file_uri_to_path function, allowing for...

CVSS 8.1 · AI score 8 · EPSS 0.0329
Exploits: 2 · References: 1

OSV
added 2025/02/04 7:21 a.m. · 5 views

BIT-MLFLOW-2024-1560 Path Traversal Vulnerability in mlflow/mlflow

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the _delete_artifact_mlflow_artifacts handler and local_file_uri_to_path function, allowing for...

CVSS 8.1 · AI score 7.8 · EPSS 0.00856
Exploits: 1 · References: 2

Tenable Nessus
added 2024/09/17 12:0 a.m. · 18 views

MLFlow < 2.12.1 File Deletion

A broken access control vulnerability exists in mlflow/mlflow versions before 2.12.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing...

CVSS 5.4 · AI score 5.7 · EPSS 0.00329
Exploits: 1 · References: 4

OSV
added 2024/05/16 9:33 a.m. · 2 views

GHSA-P4JX-Q62P-X5JR MLflow allows low privilege users to delete any artifact

A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing...

CVSS 5.4 · AI score 6.1 · EPSS 0.00329
Exploits: 1 · References: 5

PyPA
added 2024/05/16 9:15 a.m. · 4 views

PYSEC-2024-51

A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing...

CVSS 5.4 · AI score 6.7 · EPSS 0.00329
Exploits: 1 · References: 3 · Affected Software: 1

Positive Technologies
added 2024/05/16 12:0 a.m. · 3 views

PT-2024-30080 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: mlflow/mlflow versions before 2.10.1 Description: A broken access control issue exists, allowing low privilege users with only EDIT permissions on an experiment to delete any artifacts. This occurs due to the lack of proper validation for...

CVSS 5.4 · AI score 5.7 · EPSS 0.00329
Exploits: 1 · References: 9

Github Security Blog
added 2024/04/16 12:30 a.m. · 46 views

mlflow vulnerable to Path Traversal

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the _delete_artifact_mlflow_artifacts handler and local_file_uri_to_path function, allowing for...

CVSS 8.1 · AI score 8 · EPSS 0.00856
Exploits: 1 · References: 3 · Affected Software: 1

OSV
added 2024/04/16 12:30 a.m. · 2 views

GHSA-5MVJ-WMGJ-7Q8C mlflow vulnerable to Path Traversal

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the _delete_artifact_mlflow_artifacts handler and local_file_uri_to_path function, allowing for...

CVSS 8.1 · AI score 7.2 · EPSS 0.00856
Exploits: 1 · References: 3

OSV
added 2024/04/16 12:15 a.m. · 5 views

CVE-2024-1560

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the _delete_artifact_mlflow_artifacts handler and local_file_uri_to_path function, allowing for...

CVSS 8.1 · AI score 6.7
Exploits: 0 · References: 1

CVE
added 2024/04/16 12:0 a.m. · 81 views

CVE-2024-1560

CVE-2024-1560 affects mlflow/mlflow prior to 2.9.2, in the artifact deletion path. A double decoding flaw in _delete_artifact_mlflow_artifacts and local_file_uri_to_path, via an extra unquote in delete_artifacts, allows path traversal and deletion of arbitrary server directories. Impact: high, wi...

CVSS 8.1 · AI score 7.8 · EPSS 0.00856
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/04/15 12:0 a.m. · 4 views

PT-2024-18131 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: mlflow versions prior to 2.9.3 Description: A path traversal issue exists in the artifact deletion functionality of the mlflow repository. This is due to an extra unquote operation in the delete_artifacts function of local_artifact_repo.py,...

CVSS 8.1 · AI score 8.2 · EPSS 0.00856
Exploits: 1 · References: 8