Lucene search
K

33 matches found

VulnCheck KEV
VulnCheck KEV
added 2026/04/30 12:0 a.m.26 views

VulnCheck KEV: CVE-2023-6909

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...

7.5CVSS7.1AI score0.89716EPSS
In wildExploits1References16
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-1239

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.00712EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 3:18 a.m.4 views

CVE-2023-2356

Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1...

10CVSS6.7AI score0.04153EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:4 a.m.10 views

CVE-2023-6568

A reflected Cross-Site Scripting XSS vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the us...

6.5CVSS5.4AI score0.01649EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:36 a.m.8 views

CVE-2024-1594

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifactlocation parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...

7.5CVSS7.3AI score0.89716EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:24 a.m.3 views

CVE-2024-1593

A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. Th...

7.5CVSS7.4AI score0.00695EPSS
Exploits1References1
OSV
OSV
added 2025/02/04 7:21 a.m.4 views

BIT-MLFLOW-2024-1593 Path Traversal via Parameter Smuggling in mlflow/mlflow

A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. Th...

7.5CVSS7.4AI score0.00695EPSS
Exploits1References2
NVD
NVD
added 2024/04/16 12:15 a.m.17 views

CVE-2024-1593

A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. Th...

7.5CVSS7.5AI score0.00695EPSS
Exploits1References1
NVD
NVD
added 2024/04/16 12:15 a.m.24 views

CVE-2024-1558

A path traversal vulnerability exists in the createmodelversion function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...

7.5CVSS7.4AI score0.00859EPSS
Exploits1References1
OSV
OSV
added 2024/04/16 12:0 a.m.7 views

CVE-2024-1558 Path Traversal Vulnerability in mlflow/mlflow

A path traversal vulnerability exists in the createmodelversion function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...

7.5CVSS6.1AI score0.00859EPSS
Exploits1References3
CVE
CVE
added 2024/04/16 12:0 a.m.84 views

CVE-2024-1594

CVE-2024-1594 is a path traversal vulnerability in mlflow/mlflow related to handling of artifact_location when creating an experiment. The connected OSV entry states that a fragment component # in the artifact URL can be used to bypass validation and allow reading arbitrary files on the server wi...

7.5CVSS6.2AI score0.00712EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/04/16 12:0 a.m.9 views

CVE-2024-1594 Local File Read via Path Traversal in mlflow/mlflow

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifactlocation parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...

7.5CVSS7.2AI score0.00712EPSS
Exploits1References3
CVE
CVE
added 2024/04/16 12:0 a.m.84 views

CVE-2024-1558

CVE-2024-1558 (mlflow/mlflow) describes a path traversal vulnerability in the function _create_model_version() in server/handlers.py due to improper validation of the source parameter. Attackers can bypass the check in _validate_non_local_source_contains_relative_paths(source) and gain arbitrary ...

7.5CVSS6.5AI score0.00859EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/04/16 12:0 a.m.6 views

CVE-2024-1560 Path Traversal Vulnerability in mlflow/mlflow

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the deleteartifactmlflowartifacts handler and localfileuritopath function, allowing for...

8.1CVSS7.2AI score0.00856EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 10:57 a.m.14 views

BIT-MLFLOW-2023-6568 Reflected XSS via Content-Type Header in mlflow/mlflow

A reflected Cross-Site Scripting XSS vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the us...

6.5CVSS5.8AI score0.01649EPSS
Exploits1References3
OSV
OSV
added 2023/12/20 6:30 a.m.5 views

GHSA-5R3Q-93Q3-F978 MLflow Path Traversal Vulnerability

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...

8.7CVSS5.9AI score0.89716EPSS
Exploits1References5
PyPA
PyPA
added 2023/12/18 4:15 a.m.4 views

PYSEC-2023-252

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...

7.5CVSS6.8AI score0.89716EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/12/15 3:30 a.m.1 views

GHSA-554W-XH4J-8W64 Path traversal in MLflow

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...

10CVSS7.1AI score0.0329EPSS
Exploits1References5
PyPA
PyPA
added 2023/12/15 1:15 a.m.5 views

PYSEC-2023-253

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...

8.1CVSS6.8AI score0.0329EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/12/12 4:15 a.m.3 views

PYSEC-2023-281

Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2...

8.8CVSS7.2AI score0.0093EPSS
Exploits1References6
Rows per page
Query Builder