Lucene search
K

6 matches found

Circl
Circl
added 2024/11/30 1:48 p.m.6 views

CVE-2024-3848

creationtimestamp| type| source ---|---|--- 2024-11-30 13:48:14+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-3848.yaml...

7.5CVSS7.5AI score0.43284EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2024/05/16 9:15 a.m.9 views

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +162 more potentially affected by CVE-2024-3848 via mlflow (>=0.8.2 <=2.11.3)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =3.0.0, =0.1.0, =0.3.5, =0.8.0, =1.2.0, =1.9.30 and more Source cves: CVE-2024-3848 Source advisory: OSV:PYSEC-2024-244...

7.5CVSS7AI score0.43284EPSS
Exploits1
NVD
NVD
added 2024/05/16 9:15 a.m.22 views

CVE-2024-3848

A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...

7.5CVSS7.3AI score0.43284EPSS
Exploits1References2
OSV
OSV
added 2024/05/16 9:3 a.m.17 views

CVE-2024-3848 Path Traversal Bypass in mlflow/mlflow

A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...

7.5CVSS7.2AI score0.43284EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/05/16 9:3 a.m.30 views

CVE-2024-3848 Path Traversal Bypass in mlflow/mlflow

A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...

7.5CVSS7.4AI score0.43284EPSS
Exploits1References2
CVE
CVE
added 2024/05/16 9:3 a.m.130 views

CVE-2024-3848

CVE-2024-3848 affects mlflow/mlflow up to version 2.11.0. The path traversal stems from improper handling of the fragment component in artifact URLs, where a ‘#’ can insert a path into the URL fragment and bypass validation, allowing an attacker to read arbitrary files by mapping the URL to a fil...

7.5CVSS7.2AI score0.43284EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder