2 matches found
CVE-2024-3573
mlflow/mlflow is vulnerable to Local File Inclusion LFI due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'islocaluri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the...
Improper URI Parsing
symfony/http-foundation is vulnerable to Improper URI Parsing. The vulnerability is due to improper parsing of URIs with special characters by the Request class, which does not align with browser behavior, allowing attackers to exploit validators and redirect users to malicious domains...