Lucene search
+L

4 matches found

vulnersOsv
vulnersOsv
added 2024/04/16 12:30 a.m.4 views

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +344 more potentially affected by CVE-2024-1594 via mlflow (>=0.8.2 <=2.9.2)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2024-1594 Source advisory: OSV:GHSA-M49C-5C52-6696...

7.5CVSS7AI score0.00712EPSS
Exploits1
NVD
NVD
added 2024/04/16 12:15 a.m.31 views

CVE-2024-1594

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifactlocation parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...

7.5CVSS7.2AI score0.00712EPSS
Exploits1References1
CVE
CVE
added 2024/04/16 12:0 a.m.89 views

CVE-2024-1594

CVE-2024-1594 is a path traversal vulnerability in mlflow/mlflow related to handling of artifact_location when creating an experiment. The connected OSV entry states that a fragment component # in the artifact URL can be used to bypass validation and allow reading arbitrary files on the server wi...

7.5CVSS6.2AI score0.00712EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/04/16 12:0 a.m.10 views

CVE-2024-1594 Local File Read via Path Traversal in mlflow/mlflow

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifactlocation parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...

7.5CVSS7.2AI score0.00712EPSS
Exploits1References3
Rows per page
Query Builder