14 matches found
Mlflow < 2.11.0 - Path Traversal
A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...
EUVD-2024-1239
Malicious code in bioql PyPI...
CVE-2023-6909
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...
BIT-MLFLOW-2024-1594 Local File Read via Path Traversal in mlflow/mlflow
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifactlocation parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...
GHSA-RFQQ-WQ6W-72JM MLflow has a Local File Read/Path Traversal bypass
A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...
MLflow has a Local File Read/Path Traversal bypass
A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...
CVE-2024-3848 Path Traversal Bypass in mlflow/mlflow
A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...
mlflow vulnerable to Path Traversal
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifactlocation parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...
a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +339 more potentially affected by CVE-2023-6909 via mlflow (>=0.8.2 <=2.9.1)
mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-6909 Source advisory: OSV:GHSA-5R3Q-93Q3-F978...
CVE-2023-6909
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...
a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +339 more potentially affected by CVE-2023-6909 via mlflow (>=0.8.2 <=2.9.1)
mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-6909 Source advisory: OSV:PYSEC-2023-252...
CVE-2023-6909
Mlflow up to version 2.9.2 is affected by CVE-2023-6909: a path traversal in the repository mlflow/mlflow allows escaping to read sensitive files via the sequence \..\filename. The vulnerability affects the mlflow/mlflow project prior to 2.9.2 and is classified as CWE-29. Impact in the NVD/NVD-de...
CVE-2023-6909 Path Traversal: '\..\filename' in mlflow/mlflow
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...
CVE-2023-6909 Path Traversal: '\..\filename' in mlflow/mlflow
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...