0.001 Low
EPSS
Percentile
38.1%
mlflow is vulnerable to information disclosure. The vulnerability exists due to lack of sanitization in the tempfile.mktemp' function in file_utils.py`file allows to create same name temporary files in a different process.
tempfile.mktemp' function in
github.com/advisories/GHSA-vqj2-4v8m-8vrq
github.com/mlflow/mlflow/commit/61984e6843d2e59235d82a580c529920cd8f3711
github.com/mlflow/mlflow/pull/5303
huntr.dev/bounties/e5384764-c583-4dec-a1d8-4697f4e12f75