First published: Thu Nov 16 2023(Updated: )
MLflow allowed arbitrary files to be PUT onto the server.
|Affected Software||Affected Version||How to fix|
The severity of GHSA-f798-qm4r-23r5 is critical.
GHSA-f798-qm4r-23r5 allows arbitrary files to be PUT onto the MLflow server.
MLflow version up to exclusive 2.8.1 is affected by GHSA-f798-qm4r-23r5.
Yes, updating to MLflow version 2.8.1 or above fixes GHSA-f798-qm4r-23r5.
GHSA-f798-qm4r-23r5 is associated with CWE-22.