Lucene search
K

20 matches found

RedhatCVE
RedhatCVE
added 2026/06/02 10:52 p.m.14 views

CVE-2026-2614

A flaw was found in mlflow. An unauthenticated remote attacker can exploit a vulnerability in the createmodelversion handler by including a specific tag, mlflow.prompt.isprompt, in a CreateModelVersion request. This bypasses source path validation, allowing the attacker to specify an arbitrary...

7.5CVSS7.1AI score0.00712EPSS
Exploits1References5
OSV
OSV
added 2026/05/28 8:50 a.m.8 views

BIT-MLFLOW-2026-2614 Arbitrary File Read via Prompt Tag Source Validation Bypass in mlflow/mlflow

A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...

7.5CVSS7.3AI score0.00712EPSS
Exploits1References7
Snyk
Snyk
added 2026/05/12 3:23 p.m.8 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the createmodelversion function. An attacker can access arbitrary files on the server's filesystem by including the mlflow.prompt.isprompt tag in a CreateModelVersion request, which bypasses source path validatio...

8.7CVSS7.5AI score0.00712EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/12 3:23 p.m.19 views

Directory Traversal

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Directory Traversal via the createmodelversion function. An attack...

8.7CVSS7.5AI score0.00712EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/11 9:31 p.m.16 views

MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem

A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...

7.5CVSS7.3AI score0.00712EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/11 9:31 p.m.9 views

GHSA-42H5-H8QH-VV9V MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem

A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...

7.5CVSS7.3AI score0.00712EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/11 9:31 p.m.21 views

EUVD-2026-29180

A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...

7.5CVSS7.3AI score0.00712EPSS
Exploits1References3
NVD
NVD
added 2026/05/11 8:25 p.m.14 views

CVE-2026-2614

A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...

7.5CVSS0.00712EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/05/11 7:2 p.m.9 views

CVE-2026-2614 Arbitrary File Read via Prompt Tag Source Validation Bypass in mlflow/mlflow

A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...

7.5CVSS7.3AI score0.00712EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/11 7:2 p.m.44 views

CVE-2026-2614 Arbitrary File Read via Prompt Tag Source Validation Bypass in mlflow/mlflow

A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...

7.5CVSS0.00712EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

MLflow 路径遍历漏洞

MLFlow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Versions of MLFlow prior to 3.9.0 contained a path traversal vulnerability. This vulnerability...

7.5CVSS7.3AI score0.00712EPSS
Exploits1References1
Huntr
Huntr
added 2026/02/10 7:2 p.m.39 views

Arbitrary File Read via Prompt Tag Source Validation Bypass in CreateModelVersion

The createmodelversion handler in mlflow/server/handlers.py uses a client-controlled tag to decide whether to skip source path validation. When a CreateModelVersion request includes the tag mlflow.prompt.isprompt, the helper ispromptrequest returns True, and the entire source validation block...

7.5CVSS7.3AI score0.00712EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/01/09 9:9 a.m.9 views

CVE-2019-20740

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, R7300 before 1.0.0.70, R8300 before 1.0.2.130, and R8500 before 1.0.2.130...

6.8CVSS7.2AI score0.00443EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-1230

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00859EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/02/05 5:35 a.m.6 views

CVE-2024-1558

A path traversal vulnerability exists in the createmodelversion function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...

7.5CVSS7.3AI score0.00859EPSS
Exploits1References1
OSV
OSV
added 2025/02/04 7:22 a.m.6 views

BIT-MLFLOW-2024-1558 Path Traversal Vulnerability in mlflow/mlflow

A path traversal vulnerability exists in the createmodelversion function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...

7.5CVSS7.3AI score0.00859EPSS
Exploits1References2
OSV
OSV
added 2024/04/16 12:30 a.m.19 views

GHSA-J62R-WXQQ-F3GF mlflow vulnerable to Path Traversal

A path traversal vulnerability exists in the createmodelversion function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...

7.5CVSS7.3AI score0.00859EPSS
Exploits1References3
NVD
NVD
added 2024/04/16 12:15 a.m.24 views

CVE-2024-1558

A path traversal vulnerability exists in the createmodelversion function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...

7.5CVSS7.4AI score0.00859EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/04/15 12:0 a.m.6 views

PT-2024-18129

Name of the Vulnerable Software and Affected Versions mlflow/mlflow affected versions not specified Description A path traversal issue exists due to improper validation of the source parameter in the create model version function. This allows attackers to bypass checks by the validate non local...

7.5CVSS7.2AI score0.00859EPSS
Exploits1References11
Huntr
Huntr
added 2023/04/20 6:40 p.m.23 views

LFI in Model Version REST API creation

Description By creating a model version through the REST API endpoint api/2.0/mlflow/registered-models/create and specifying a relative path redirection to the source argument, local server files can be accessed on the tracking server when a subsequent REST API v1.1 call is made to...

5CVSS7.2AI score0.04119EPSS
Exploits1
Rows per page
Query Builder