20 matches found
CVE-2026-2614
A flaw was found in mlflow. An unauthenticated remote attacker can exploit a vulnerability in the createmodelversion handler by including a specific tag, mlflow.prompt.isprompt, in a CreateModelVersion request. This bypasses source path validation, allowing the attacker to specify an arbitrary...
BIT-MLFLOW-2026-2614 Arbitrary File Read via Prompt Tag Source Validation Bypass in mlflow/mlflow
A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the createmodelversion function. An attacker can access arbitrary files on the server's filesystem by including the mlflow.prompt.isprompt tag in a CreateModelVersion request, which bypasses source path validatio...
Directory Traversal
Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Directory Traversal via the createmodelversion function. An attack...
MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem
A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...
GHSA-42H5-H8QH-VV9V MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem
A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...
EUVD-2026-29180
A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...
CVE-2026-2614
A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...
CVE-2026-2614 Arbitrary File Read via Prompt Tag Source Validation Bypass in mlflow/mlflow
A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...
CVE-2026-2614 Arbitrary File Read via Prompt Tag Source Validation Bypass in mlflow/mlflow
A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...
MLflow 路径遍历漏洞
MLFlow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Versions of MLFlow prior to 3.9.0 contained a path traversal vulnerability. This vulnerability...
Arbitrary File Read via Prompt Tag Source Validation Bypass in CreateModelVersion
The createmodelversion handler in mlflow/server/handlers.py uses a client-controlled tag to decide whether to skip source path validation. When a CreateModelVersion request includes the tag mlflow.prompt.isprompt, the helper ispromptrequest returns True, and the entire source validation block...
CVE-2019-20740
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, R7300 before 1.0.0.70, R8300 before 1.0.2.130, and R8500 before 1.0.2.130...
EUVD-2024-1230
Malicious code in bioql PyPI...
CVE-2024-1558
A path traversal vulnerability exists in the createmodelversion function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...
BIT-MLFLOW-2024-1558 Path Traversal Vulnerability in mlflow/mlflow
A path traversal vulnerability exists in the createmodelversion function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...
GHSA-J62R-WXQQ-F3GF mlflow vulnerable to Path Traversal
A path traversal vulnerability exists in the createmodelversion function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...
CVE-2024-1558
A path traversal vulnerability exists in the createmodelversion function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...
PT-2024-18129
Name of the Vulnerable Software and Affected Versions mlflow/mlflow affected versions not specified Description A path traversal issue exists due to improper validation of the source parameter in the create model version function. This allows attackers to bypass checks by the validate non local...
LFI in Model Version REST API creation
Description By creating a model version through the REST API endpoint api/2.0/mlflow/registered-models/create and specifying a relative path redirection to the source argument, local server files can be accessed on the tracking server when a subsequent REST API v1.1 call is made to...