CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5 matches found

OSV•added 2023/12/13 12:15 a.m.•0 views

PYSEC-2023-309

Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2...

8.8CVSS7.2AI score0.02418EPSS

Exploits1References5

OSV•added 2023/12/12 6:30 a.m.•0 views

GHSA-CXFR-5Q3R-2RC2 Jinja2 template injection in mlflow

Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2...

8.8CVSS5.9AI score0.00262EPSS

Exploits1References5

OSV•added 2023/12/07 5:15 a.m.•0 views

PYSEC-2023-260

A reflected Cross-Site Scripting XSS vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the us...

6.1CVSS6.3AI score0.33351EPSS

Exploits1References4

OSV•added 2023/05/17 9:15 p.m.•1 views

PYSEC-2023-69

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1...

9.8CVSS5.9AI score0.86137EPSS

Exploits1References5

OSV•added 2023/04/28 12:30 a.m.•1 views

GHSA-X422-6QHV-P29G Relative path traversal in mlflow

Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1...

10CVSS7.1AI score0.89021EPSS

Exploits1References5