4 matches found
CVE-2024-1483
A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...
PT-2024-18084 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: mlflow/mlflow version 2.9.2 Description: A path traversal vulnerability exists, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted artifact location and source...
CVE-2023-6831
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...
CVE-2023-6753 Path Traversal in mlflow/mlflow
Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2...