MLflow 安全漏洞

MLflow is an open source platform from MLflow that simplifies machine learning development, including tracking experiments, packaging code into repeatable runs, and sharing and deploying models. A security vulnerability exists in MLflow 3.10.1.dev0 and prior versions, which stems from the...

CVE-2025-6264 Velociraptor priviledge escalation via UpdateConfig artifact

Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions. To limit access to some dangerous artifact, Velociraptor allows for those to require high permissions like EXECVE to launch...

CVE-2023-22726

act is a project which allows for local running of github actions. The artifact server that stores artifacts from Github Action runs does not sanitize path inputs. This allows an attacker to download and overwrite arbitrary files on the host from a Github Action. This issue may lead to privilege...

PYSEC-2023-70

A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter...

PT-2023-22565 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: mlflow versions prior to 2.0.1 Description: A directory traversal issue in the "/get-artifact" API method allows attackers to read arbitrary files on the server via the path parameter. Recommendations: For versions prior to 2.0.1, update to...