Lucene search
K

5 matches found

OSV
OSV
added 2023/03/24 10:1 p.m.19 views

GHSA-WP72-7HJ9-5265 Remote file existence check vulnerability in `mlflow server` and `mlflow ui` CLIs

Impact Users of the MLflow Open Source Project who are hosting the MLflow Model Registry using the mlflow server or mlflow ui commands using an MLflow version older than MLflow 2.2.1 may be vulnerable to a remote file existence check exploit if they are not limiting who can query their server for...

4.8CVSS4.7AI score0.00578EPSS
Exploits1References6
vulnersOsv
vulnersOsv
added 2023/03/24 10:1 p.m.4 views

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +318 more potentially affected by CVE-2023-1176 via mlflow (>=0.8.2 <=2.22.5)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-1176 Source advisory: OSV:GHSA-WP72-7HJ9-5265...

5.3CVSS5.9AI score0.00578EPSS
Exploits1
NVD
NVD
added 2023/03/24 3:15 p.m.34 views

CVE-2023-1176

Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2...

5.3CVSS4.4AI score0.00578EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2023/03/24 3:15 p.m.3 views

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +319 more potentially affected by CVE-2023-1176 via mlflow (>=0.8.2 <=2.2.1)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-1176 Source advisory: OSV:PYSEC-2023-28...

5.3CVSS5.9AI score0.00578EPSS
Exploits1
OSV
OSV
added 2023/03/24 12:0 a.m.28 views

CVE-2023-1176 Absolute Path Traversal in mlflow/mlflow

Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2...

5.3CVSS5AI score0.00578EPSS
Exploits1References4
Rows per page
Query Builder