13 matches found
Debusine 安全漏洞
Debusine is a software supply chain management platform for the Debian community, focused on package building, testing, analysis, and distribution. There is a security vulnerability in Debusine, which stems from the lack of permission checks performed on endpoints related to the creation and...
EUVD-2024-1104
Malicious code in bioql PyPI...
CVE-2024-1560
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the deleteartifactmlflowartifacts handler and localfileuritopath function, allowing for...
BIT-MLFLOW-2024-1560 Path Traversal Vulnerability in mlflow/mlflow
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the deleteartifactmlflowartifacts handler and localfileuritopath function, allowing for...
MLFlow < 2.12.1 File Deletion
A broken access control vulnerability exists in mlflow/mlflow versions before 2.12.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing...
GHSA-P4JX-Q62P-X5JR MLflow allows low privilege users to delete any artifact
A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing...
PYSEC-2024-51
A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing...
PT-2024-30080 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: mlflow/mlflow versions before 2.10.1 Description: A broken access control issue exists, allowing low privilege users with only EDIT permissions on an experiment to delete any artifacts. This occurs due to the lack of proper validation for...
mlflow vulnerable to Path Traversal
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the deleteartifactmlflowartifacts handler and localfileuritopath function, allowing for...
GHSA-5MVJ-WMGJ-7Q8C mlflow vulnerable to Path Traversal
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the deleteartifactmlflowartifacts handler and localfileuritopath function, allowing for...
CVE-2024-1560
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the deleteartifactmlflowartifacts handler and localfileuritopath function, allowing for...
CVE-2024-1560
CVE-2024-1560 affects mlflow/mlflow prior to 2.9.2, in the artifact deletion path. A double decoding flaw in _delete_artifact_mlflow_artifacts and local_file_uri_to_path, via an extra unquote in delete_artifacts, allows path traversal and deletion of arbitrary server directories. Impact: high, wi...
PT-2024-18131 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: mlflow versions prior to 2.9.3 Description: A path traversal issue exists in the artifact deletion functionality of the mlflow repository. This is due to an extra unquote operation in the delete artifacts function of local artifact repo.py,...