2 matches found
CVE-2023-6568 Reflected XSS via Content-Type Header in mlflow/mlflow
A reflected Cross-Site Scripting XSS vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the us...
CVE-2023-6568
MLflow XSS (CVE-2023-6568) : A reflected XSS exists in mlflow/mlflow due to how the Content-Type header from POST requests is handled. The vulnerability is in mlflow/server/auth/init .py, where user-supplied Content-Type is directly inserted into a Python-formatted string and returned, allowing a...