33 matches found
VulnCheck KEV: CVE-2023-6909
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...
EUVD-2024-1239
Malicious code in bioql PyPI...
CVE-2023-2356
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1...
CVE-2023-6568
A reflected Cross-Site Scripting XSS vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the us...
CVE-2024-1594
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifactlocation parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...
CVE-2024-1593
A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. Th...
BIT-MLFLOW-2024-1593 Path Traversal via Parameter Smuggling in mlflow/mlflow
A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. Th...
CVE-2024-1593
A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. Th...
CVE-2024-1558
A path traversal vulnerability exists in the createmodelversion function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...
CVE-2024-1558 Path Traversal Vulnerability in mlflow/mlflow
A path traversal vulnerability exists in the createmodelversion function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...
CVE-2024-1594
CVE-2024-1594 is a path traversal vulnerability in mlflow/mlflow related to handling of artifact_location when creating an experiment. The connected OSV entry states that a fragment component # in the artifact URL can be used to bypass validation and allow reading arbitrary files on the server wi...
CVE-2024-1594 Local File Read via Path Traversal in mlflow/mlflow
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifactlocation parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...
CVE-2024-1558
CVE-2024-1558 (mlflow/mlflow) describes a path traversal vulnerability in the function _create_model_version() in server/handlers.py due to improper validation of the source parameter. Attackers can bypass the check in _validate_non_local_source_contains_relative_paths(source) and gain arbitrary ...
CVE-2024-1560 Path Traversal Vulnerability in mlflow/mlflow
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the deleteartifactmlflowartifacts handler and localfileuritopath function, allowing for...
BIT-MLFLOW-2023-6568 Reflected XSS via Content-Type Header in mlflow/mlflow
A reflected Cross-Site Scripting XSS vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the us...
GHSA-5R3Q-93Q3-F978 MLflow Path Traversal Vulnerability
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...
PYSEC-2023-252
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...
GHSA-554W-XH4J-8W64 Path traversal in MLflow
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...
PYSEC-2023-253
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...
PYSEC-2023-281
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2...