Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 5:16 a.m.9 views

CVE-2024-1483

A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...

7.5CVSS7.4AI score0.02718EPSS
Exploits1References1
Circl
Circl
added 2024/12/02 12:37 a.m.10 views

CVE-2024-1483

creationtimestamp| type| source ---|---|--- 2024-12-02 00:37:21+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-1483.yaml 2025-02-06 02:39:17+00:00| seen| Telegram/40wz3p6ps0rfOWVB8uy9D1avPdjwSl1P1hn5uHh2pKuI1Q0 2025-03-16 14:29:47+00:00|...

7.5CVSS7.1AI score0.02718EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2024/04/16 12:30 a.m.4 views

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +162 more potentially affected by CVE-2024-1483 via mlflow (>=0.8.2 <=2.11.3)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =3.0.0, =0.1.0, =0.3.5, =0.8.0, =1.2.0, =1.9.30 and more Source cves: CVE-2024-1483 Source advisory: OSV:GHSA-F82R-JJ5R-6G97...

7.5CVSS7AI score0.02718EPSS
Exploits1
CVE
CVE
added 2024/04/16 12:0 a.m.92 views

CVE-2024-1483

Summary: CVE-2024-1483 is a path traversal vulnerability in mlflow/mlflow 2.9.2 that allows an attacker to access arbitrary server files. The issue stems from insufficient validation of user-supplied input in server handlers, enabling traversal via crafted HTTP POST requests using crafted artifac...

7.5CVSS7.4AI score0.02718EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/16 12:0 a.m.39 views

CVE-2024-1483 Path Traversal Vulnerability in mlflow/mlflow

A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...

7.5CVSS6.7AI score0.02718EPSS
Exploits1References1
Rows per page
Query Builder