First published: Thu Nov 16 2023
MLflow allowed arbitrary files to be PUT onto the server.
Credit: email@example.com firstname.lastname@example.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MLflow | Before 2.8.1 | Upgrade to 2.8.1 or later |
The severity of CVE-2023-6015 is critical.
CVE-2023-6015 allows arbitrary files to be PUT onto the MLflow server.
MLflow versions before 2.8.1 (2.8.1 itself is not included) are affected by CVE-2023-6015.
To fix CVE-2023-6015, upgrade to MLflow version 2.8.1 or later.
For more information about CVE-2023-6015, you can refer to the following sources: [Huntr](https://huntr.com/bounties/43e6fb72-676e-4670-a225-15d6836f65d3), [NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-6015), [GitHub](https://github.com/mlflow/mlflow/pull/10330)