34 matches found
Path Traversal
mllogger is vulnerable to path traversal. the vulnerability is due to manipulation of the File argument in the loghandler function of mllogger/server.py, which allows an attacker to perform path traversal to read, create, or overwrite files remotely...
EUVD-2025-31105
Malicious code in bioql PyPI...
CVE-2025-10951
A vulnerability was identified in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this vulnerability is the function loghandler of the file mllogger/server.py. Such manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely...
CVE-2025-10952
A security flaw has been discovered in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this issue is the function streamhandler of the file mllogger/server.py of the component File Handler. Performing manipulation of the argument key results in information disclosure...
cde (=0.2.0.1), env-wrappers (>=0.1.1 <=0.1.22) +1 more potentially affected by CVE-2025-10952 via ml-logger (=0.10.36)
ml-logger PYPI version =0.10.36 is affected by a known vulnerability. The following packages have a transitive dependency on ml-logger and may be impacted: - cde =0.2.0.1 - env-wrappers =0.1.1, =0.1.22 - graph-search =0.1.0 Source cves: CVE-2025-10952 Source advisory: OSV:GHSA-9X36-C74V-FGR6...
cde (=0.2.0.1), env-wrappers (>=0.1.1 <=0.1.22) +1 more potentially affected by CVE-2025-10952 via ml-logger (=0.10.36)
ml-logger PYPI version =0.10.36 is affected by a known vulnerability. The following packages have a transitive dependency on ml-logger and may be impacted: - cde =0.2.0.1 - env-wrappers =0.1.1, =0.1.22 - graph-search =0.1.0 Source cves: CVE-2025-10952 Source advisory: SNYK:PYTHON-MLLOGGER-1311003...
GHSA-9X36-C74V-FGR6 ml-logger file handler allows reading arbitrary files
A security flaw has been discovered in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this issue is the function streamhandler of the file mllogger/server.py of the component File Handler. Performing manipulation of the argument key results in information disclosure...
ml-logger file handler allows reading arbitrary files
A security flaw has been discovered in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this issue is the function streamhandler of the file mllogger/server.py of the component File Handler. Performing manipulation of the argument key results in information disclosure...
CVE-2025-10952
A security flaw has been discovered in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this issue is the function streamhandler of the file mllogger/server.py of the component File Handler. Performing manipulation of the argument key results in information disclosure...
CVE-2025-10952
A security flaw has been discovered in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this issue is the function streamhandler of the file mllogger/server.py of the component File Handler. Performing manipulation of the argument key results in information disclosure...
CVE-2025-10952 geyang ml-logger File server.py stream_handler information disclosure
A security flaw has been discovered in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this issue is the function streamhandler of the file mllogger/server.py of the component File Handler. Performing manipulation of the argument key results in information disclosure...
CVE-2025-10952
The CVE-2025-10952 entry concerns geyang ml-logger (ml_logger/server.py, stream_handler). The vulnerability arises from manipulation of the key argument in stream_handler, enabling information disclosure through a remote attack. Multiple sources confirm the flaw affects ml-logger and that no vers...
cde (=0.2.0.1), env-wrappers (>=0.1.1 <=0.1.22) +1 more potentially affected by CVE-2025-10950 via ml-logger (=0.10.36)
ml-logger PYPI version =0.10.36 is affected by a known vulnerability. The following packages have a transitive dependency on ml-logger and may be impacted: - cde =0.2.0.1 - env-wrappers =0.1.1, =0.1.22 - graph-search =0.1.0 Source cves: CVE-2025-10950 Source advisory: OSV:GHSA-57HM-8RJV-498W...
ml-logger has path traversal in the file argument
A vulnerability was identified in geyang ml-logger 0.10.36 and prior. Affected by this vulnerability is the function loghandler of the file mllogger/server.py. Such manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit is publicly...
GHSA-57HM-8RJV-498W ml-logger deserialization vulnerability
A vulnerability was determined in geyang ml-logger 0.10.36 and prior. Affected is the function loghandler of the file mllogger/server.py of the component Ping Handler. This manipulation of the argument data causes deserialization. It is possible to initiate the attack remotely. The exploit has be...
ml-logger deserialization vulnerability
A vulnerability was determined in geyang ml-logger 0.10.36 and prior. Affected is the function loghandler of the file mllogger/server.py of the component Ping Handler. This manipulation of the argument data causes deserialization. It is possible to initiate the attack remotely. The exploit has be...
cde (=0.2.0.1), env-wrappers (>=0.1.1 <=0.1.22) +1 more potentially affected by CVE-2025-10951 via ml-logger (=0.10.36)
ml-logger PYPI version =0.10.36 is affected by a known vulnerability. The following packages have a transitive dependency on ml-logger and may be impacted: - cde =0.2.0.1 - env-wrappers =0.1.1, =0.1.22 - graph-search =0.1.0 Source cves: CVE-2025-10951 Source advisory: OSV:GHSA-8X9J-2P8R-7XC6...
cde (=0.2.0.1), env-wrappers (>=0.1.1 <=0.1.22) +1 more potentially affected by CVE-2025-10951 via ml-logger (=0.10.36)
ml-logger PYPI version =0.10.36 is affected by a known vulnerability. The following packages have a transitive dependency on ml-logger and may be impacted: - cde =0.2.0.1 - env-wrappers =0.1.1, =0.1.22 - graph-search =0.1.0 Source cves: CVE-2025-10951 Source advisory: SNYK:PYTHON-MLLOGGER-1311002...
cde (=0.2.0.1), env-wrappers (>=0.1.1 <=0.1.22) +1 more potentially affected by CVE-2025-10950 via ml-logger (=0.10.36)
ml-logger PYPI version =0.10.36 is affected by a known vulnerability. The following packages have a transitive dependency on ml-logger and may be impacted: - cde =0.2.0.1 - env-wrappers =0.1.1, =0.1.22 - graph-search =0.1.0 Source cves: CVE-2025-10950 Source advisory: SNYK:PYTHON-MLLOGGER-1311002...
GHSA-8X9J-2P8R-7XC6 ml-logger has path traversal in the file argument
A vulnerability was identified in geyang ml-logger 0.10.36 and prior. Affected by this vulnerability is the function loghandler of the file mllogger/server.py. Such manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit is publicly...