Lucene search
K

14 matches found

Nuclei
Nuclei
added yesterday66 views

Mlflow < 2.11.0 - Path Traversal

A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...

7.5CVSS7.2AI score0.43284EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-1239

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.00712EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 4:17 a.m.8 views

CVE-2023-6909

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...

7.5CVSS6.7AI score0.89716EPSS
Exploits1
OSV
OSV
added 2025/02/04 7:21 a.m.11 views

BIT-MLFLOW-2024-1594 Local File Read via Path Traversal in mlflow/mlflow

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifactlocation parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...

7.5CVSS7.1AI score0.00712EPSS
Exploits1References2
OSV
OSV
added 2024/05/16 9:33 a.m.18 views

GHSA-RFQQ-WQ6W-72JM MLflow has a Local File Read/Path Traversal bypass

A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...

7.5CVSS7.2AI score0.43284EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2024/05/16 9:33 a.m.22 views

MLflow has a Local File Read/Path Traversal bypass

A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...

7.5CVSS6.7AI score0.43284EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2024/05/16 9:3 a.m.42 views

CVE-2024-3848 Path Traversal Bypass in mlflow/mlflow

A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...

7.5CVSS7.5AI score0.43284EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2024/04/16 12:30 a.m.43 views

mlflow vulnerable to Path Traversal

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifactlocation parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...

7.5CVSS7.3AI score0.00712EPSS
Exploits1References4Affected Software1
vulnersOsv
vulnersOsv
added 2023/12/20 6:30 a.m.5 views

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +339 more potentially affected by CVE-2023-6909 via mlflow (>=0.8.2 <=2.9.1)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-6909 Source advisory: OSV:GHSA-5R3Q-93Q3-F978...

7.5CVSS7AI score0.89716EPSS
Exploits1
NVD
NVD
added 2023/12/18 4:15 a.m.37 views

CVE-2023-6909

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...

7.5CVSS0.89716EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2023/12/18 4:15 a.m.4 views

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +339 more potentially affected by CVE-2023-6909 via mlflow (>=0.8.2 <=2.9.1)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-6909 Source advisory: OSV:PYSEC-2023-252...

7.5CVSS7AI score0.89716EPSS
Exploits1
CVE
CVE
added 2023/12/18 12:0 a.m.120 views

CVE-2023-6909

Mlflow up to version 2.9.2 is affected by CVE-2023-6909: a path traversal in the repository mlflow/mlflow allows escaping to read sensitive files via the sequence \..\filename. The vulnerability affects the mlflow/mlflow project prior to 2.9.2 and is classified as CWE-29. Impact in the NVD/NVD-de...

7.5CVSS7.4AI score0.89716EPSS
In wildExploits1References2Affected Software1
OSV
OSV
added 2023/12/18 12:0 a.m.19 views

CVE-2023-6909 Path Traversal: '\..\filename' in mlflow/mlflow

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...

7.5CVSS7AI score0.89716EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/12/18 12:0 a.m.29 views

CVE-2023-6909 Path Traversal: '\..\filename' in mlflow/mlflow

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...

7.5CVSS7.6AI score0.89716EPSS
Exploits1References2
Rows per page
Query Builder