9 matches found
CVE-2024-1558 Path Traversal Vulnerability in mlflow/mlflow
A path traversal vulnerability exists in the _create_model_version function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...
CVE-2024-3573 Local File Inclusion (LFI) via Scheme Confusion in mlflow/mlflow
mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'is_local_uri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the...
CVE-2024-1483 Path Traversal Vulnerability in mlflow/mlflow
A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifact_location' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...
CVE-2024-1593 Path Traversal via Parameter Smuggling in mlflow/mlflow
A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. Th...
CVE-2023-6909 Path Traversal: '\..\filename' in mlflow/mlflow
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...
PT-2023-32782 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: mlflow/mlflow versions prior to 2.9.2. Description: The issue is related to a Path Traversal vulnerability, where the sequence '..filename' can be used to access files outside the intended directory. This vulnerability is present in the...
CVE-2023-4033 OS Command Injection in mlflow/mlflow
OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0...
Path traversal
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1...
CVE-2023-1177 Path Traversal: '\..\filename' in mlflow/mlflow
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1...