Lucene search
+L

4 matches found

NVD
NVD
added 2024/04/16 12:15 a.m.44 views

CVE-2024-1560

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the deleteartifactmlflowartifacts handler and localfileuritopath function, allowing for...

8.1CVSS8AI score0.00856EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/04/16 12:0 a.m.24 views

CVE-2024-1560 Path Traversal Vulnerability in mlflow/mlflow

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the deleteartifactmlflowartifacts handler and localfileuritopath function, allowing for...

8.1CVSS6.8AI score0.00856EPSS
Exploits1References1
CVE
CVE
added 2024/04/16 12:0 a.m.89 views

CVE-2024-1560

CVE-2024-1560 affects mlflow/mlflow prior to 2.9.2, in the artifact deletion path. A double decoding flaw in _delete_artifact_mlflow_artifacts and local_file_uri_to_path, via an extra unquote in delete_artifacts, allows path traversal and deletion of arbitrary server directories. Impact: high, wi...

8.1CVSS7.8AI score0.00856EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/04/16 12:0 a.m.49 views

CVE-2024-1560 Path Traversal Vulnerability in mlflow/mlflow

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the deleteartifactmlflowartifacts handler and localfileuritopath function, allowing for...

8.1CVSS8.1AI score0.00856EPSS
Exploits1References1
Rows per page
Query Builder