
13 matches found

OSV
added 2025/08/06 5:45 a.m. · 3 views

BIT-MLFLOW-2024-8859 Path Traversal in mlflow/mlflow

A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while...

CVSS 7.5 · AI score 7.3 · EPSS 0.25693
Exploits: 1 · References: 3

Veracode
added 2025/03/24 5:53 a.m. · 4 views

Relative Path Traversal

mlflow is vulnerable to Relative Path Traversal. The vulnerability is due to improper URL handling due to the dbfs service concatenating URLs directly into the file protocol, allowing arbitrary file reads when the service is mounted to a local directory...

CVSS 7.5 · AI score 7 · EPSS 0.25693
Exploits: 1 · References: 4 · Affected Software: 1

RedhatCVE
added 2025/03/22 11:20 a.m. · 5 views

CVE-2024-8859

A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while...

CVSS 7.5 · AI score 6.6 · EPSS 0.25693
Exploits: 1 · References: 1

OSV
added 2025/03/20 12:32 p.m. · 6 views

GHSA-4RQF-8PFM-P36R MLflow has a Local File Read/Path Traversal in dbfs

A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while...

CVSS 7.5 · AI score 6.9 · EPSS 0.25693
Exploits: 1 · References: 4

Github Security Blog
added 2025/03/20 12:32 p.m. · 10 views

MLflow has a Local File Read/Path Traversal in dbfs

A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while...

CVSS 7.5 · AI score 6.6 · EPSS 0.25693
Exploits: 1 · References: 4 · Affected Software: 1

NVD
added 2025/03/20 10:15 a.m. · 5 views

CVE-2024-8859

A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while...

CVSS 7.5 · EPSS 0.25693
Exploits: 1 · References: 2

CVE
added 2025/03/20 10:9 a.m. · 73 views

CVE-2024-8859

Mlflow/mlflow 2.15.1 contains a path traversal/local file read vulnerability when using the dbfs service: the URL is interpolated into the file protocol with only the path portion validated, enabling reading arbitrary server files when dbfs is mounted locally. Public sources (Nuclei template, OSV...

CVSS 7.5 · AI score 7.4 · EPSS 0.25693
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2025/03/20 10:9 a.m. · 4 views

CVE-2024-8859 Path Traversal in mlflow/mlflow

A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while...

CVSS 7.5 · AI score 7.4 · EPSS 0.25693
Exploits: 1 · References: 2

Cvelist
added 2025/03/20 10:9 a.m. · 9 views

CVE-2024-8859 Path Traversal in mlflow/mlflow

A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while...

CVSS 7.5 · EPSS 0.25693
Exploits: 1 · References: 2

CNNVD
added 2025/03/20 12:0 a.m. · 2 views

MLflow Security Vulnerability

MLflow is an open source platform from MLflow that simplifies machine learning development, including tracking experiments, packaging code into repeatable runs, and sharing and deploying models. A security vulnerability exists in MLflow version 2.15.1, which stems from a misconfiguration of the...

CVSS 7.5 · AI score 7.5 · EPSS 0.25693
Exploits: 1 · References: 2

Positive Technologies
added 2025/03/20 12:0 a.m. · 2 views

PT-2025-12247 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: mlflow/mlflow version 2.15.1 Description: A path traversal issue exists when users configure and use the dbfs service. The vulnerability arises from directly concatenating the URL into the file protocol, resulting in an arbitrary file read...

CVSS 7.5 · AI score 7.2 · EPSS 0.25693
Exploits: 1 · References: 9

Packet Storm
added 2023/05/03 12:0 a.m. · 418 views

Databricks Platform Cluster Isolation Bypass

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Bypassing cluster isolation through insecure defaults and shared storage product: Databricks Platform vulnerable version: PaaS version as of 2023-01-26 fixed version:...

AI score 6.9
Exploits: 0

Positive Technologies
added 2006/10/18 12:0 a.m. · 1 views

PT-2006-6099 · Contenido · Contenido Cms

Name of the Vulnerable Software and Affected Versions: Contenido CMS versions prior to 4.6.15 Description: A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the contenido path parameter to (1) "cms/dbfs.php" or (2) "cms/front content.php". Recommendation...

CVSS 7.5 · AI score 7.9 · EPSS 0.01679
Exploits: 1 · References: 6