3 matches found
CVE-2022-0736
Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1...
autorad (=0.1.2), azureml-contrib-run (>=1.0.18.2 <=1.0.41) +48 more potentially affected by CVE-2022-0736 via mlflow (>=0.8.2 <=1.23.0)
mlflow PYPI version =0.8.2, =1.0.18.2, =1.4.0, =3.0.0, =0.0.4, =0.1.3, =0.0.8, =0.0.1, =0.4.5, =1.2.0, =0.0.1, =0.0.1, =0.0.1, =0.0.3 and more Source cves: CVE-2022-0736 Source advisory: OSV:PYSEC-2022-28...
CVE-2022-0736
CVE-2022-0736 affects mlflow/mlflow prior to 1.23.1, describing an insecure temporary file issue. The root cause is use of the deprecated tempfile.mktemp() pattern in the affected code, with remediation to upgrade to mlflow 1.23.1 or later as indicated by OSV/GHSA entries. The connected sources c...