2 matches found
PYSEC-2023-70
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter...
PT-2023-22565 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: mlflow versions prior to 2.0.1 Description: A directory traversal issue in the "/get-artifact" API method allows attackers to read arbitrary files on the server via the path parameter. Recommendations: For versions prior to 2.0.1, update to...