6 matches found
CVE-2024-8859
A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while...
CVE-2024-8859
A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while...
CVE-2024-8859 Path Traversal in mlflow/mlflow
A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while...
CVE-2024-8859 Path Traversal in mlflow/mlflow
A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while...
CVE-2024-8859 Path Traversal in mlflow/mlflow
A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while...
CVE-2024-8859
Mlflow/mlflow 2.15.1 contains a path traversal/local file read vulnerability when using the dbfs service: the URL is interpolated into the file protocol with only the path portion validated, enabling reading arbitrary server files when dbfs is mounted locally. Public sources (Nuclei template, OSV...