CVE-2022-0736
First published: Wed Feb 23 2022(Updated: )
mlflow prior to 1.23.1 contains an insecure temporary file. The insecure function `tempfile.mktemp()` is deprecated and `mkstemp()` should be used instead.
Credit: security@huntr.dev security@huntr.dev
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lfprojects Mlflow | <1.23.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-0736?
CVE-2022-0736 is a vulnerability in mlflow prior to version 1.23.1 that involves an insecure temporary file creation.
How severe is CVE-2022-0736?
CVE-2022-0736 has a severity score of 8.2, indicating a high severity.
What is the affected software for CVE-2022-0736?
The affected software for CVE-2022-0736 is mlflow prior to version 1.23.1.
What is the recommended solution for CVE-2022-0736?
To fix CVE-2022-0736, upgrade mlflow to version 1.23.1 or later.
Where can I find more information about CVE-2022-0736?
You can find more information about CVE-2022-0736 at the following references: [NVD](https://nvd.nist.gov/vuln/detail/CVE-2022-0736), [GitHub commit](https://github.com/mlflow/mlflow/commit/61984e6843d2e59235d82a580c529920cd8f3711), [Huntr](https://huntr.dev/bounties/e5384764-c583-4dec-a1d8-4697f4e12f75).
- collector/nvd-cve
- collector/nvd-index
- collector/github-advisory
- alias/GHSA-vqj2-4v8m-8vrq
- alias/CVE-2022-0736
- collector/github-advisory-latest
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- vendor/lfprojects
- canonical/lfprojects mlflow
- package-manager/pip