5 matches found
GHSA-WP72-7HJ9-5265 Remote file existence check vulnerability in `mlflow server` and `mlflow ui` CLIs
Impact Users of the MLflow Open Source Project who are hosting the MLflow Model Registry using the mlflow server or mlflow ui commands using an MLflow version older than MLflow 2.2.1 may be vulnerable to a remote file existence check exploit if they are not limiting who can query their server for...
a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +318 more potentially affected by CVE-2023-1176 via mlflow (>=0.8.2 <=2.22.5)
mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-1176 Source advisory: OSV:GHSA-WP72-7HJ9-5265...
CVE-2023-1176
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2...
a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +319 more potentially affected by CVE-2023-1176 via mlflow (>=0.8.2 <=2.2.1)
mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-1176 Source advisory: OSV:PYSEC-2023-28...
CVE-2023-1176 Absolute Path Traversal in mlflow/mlflow
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2...