2 matches found
BIT-MLFLOW-2026-4035 Environment Variable Resolution Vulnerability in mlflow/mlflow
A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the apikey field in...
CVE-2020-24621
A remote code execution RCE vulnerability was discovered in the htmlformentry aka HTML Form Entry module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and executed...