5 matches found
CVE-2024-1483
A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...
CVE-2024-1483
creationtimestamp| type| source ---|---|--- 2024-12-02 00:37:21+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-1483.yaml 2025-02-06 02:39:17+00:00| seen| Telegram/40wz3p6ps0rfOWVB8uy9D1avPdjwSl1P1hn5uHh2pKuI1Q0 2025-03-16 14:29:47+00:00|...
a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +162 more potentially affected by CVE-2024-1483 via mlflow (>=0.8.2 <=2.11.3)
mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =3.0.0, =0.1.0, =0.3.5, =0.8.0, =1.2.0, =1.9.30 and more Source cves: CVE-2024-1483 Source advisory: OSV:GHSA-F82R-JJ5R-6G97...
CVE-2024-1483
Summary: CVE-2024-1483 is a path traversal vulnerability in mlflow/mlflow 2.9.2 that allows an attacker to access arbitrary server files. The issue stems from insufficient validation of user-supplied input in server handlers, enabling traversal via crafted HTTP POST requests using crafted artifac...
CVE-2024-1483 Path Traversal Vulnerability in mlflow/mlflow
A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...