Latest lfprojects mlflow Vulnerabilities

CVE-2023-6977
Path Traversal: '\..\filename'
pip/mlflow<2.9.2
Lfprojects Mlflow>=1.0.0<2.9.2
>=1.0.0<2.9.2
CVE-2023-6976
Unrestricted Upload of File with Dangerous Type
pip/mlflow<2.9.2
Lfprojects Mlflow<2.9.2
CVE-2023-6975
Path Traversal: '\..\filename'
pip/mlflow<2.9.2
Lfprojects Mlflow<2.9.2
<2.9.2
CVE-2023-6974
Server-Side Request Forgery (SSRF)
Lfprojects Mlflow<2.9.2
pip/mlflow<2.9.2
CVE-2023-6940
Command Injection
pip/mlflow<2.9.2
Lfprojects Mlflow<2.9.2
<2.9.2
CVE-2023-6909
Path Traversal: '\..\filename' in mlflow/mlflow
Lfprojects Mlflow<2.9.2
pip/mlflow<2.9.2
CVE-2023-6831
Path Traversal: '\..\filename' in mlflow/mlflow
Lfprojects Mlflow<2.9.2
pip/mlflow<2.9.2
CVE-2023-6753
Path Traversal in mlflow/mlflow
Lfprojects Mlflow<2.9.2
Microsoft Windows
pip/mlflow<2.9.2
CVE-2023-6709
Improper Neutralization of Special Elements Used in a Template Engine in mlflow/mlflow
Lfprojects Mlflow<2.9.2
pip/mlflow<2.9.2
CVE-2023-6568
Reflected XSS via Content-Type Header in mlflow/mlflow
pip/mlflow<2.9.0
Lfprojects Mlflow<=2.9.0
<=2.9.0
CVE-2023-43472
An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.
Lfprojects Mlflow<=2.8.1
pip/mlflow<2.9.0
CVE-2023-6014
MLflow Authentication Bypass
Lfprojects Mlflow
pip/mlflow<2.8.0
CVE-2023-6015
MLflow Arbitrary File Upload
pip/mlflow<2.8.1
Lfprojects Mlflow<2.8.1
CVE-2023-6018
MLflow Arbitrary File Write
pip/mlflow<=2.8.1
Lfprojects Mlflow
CVE-2023-4033
OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.
Lfprojects Mlflow<2.6.0
pip/mlflow<2.6.0
CVE-2023-3765
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.
pip/mlflow<2.5.0
Lfprojects Mlflow<2.5.0
Microsoft Windows
CVE-2023-2780
Lfprojects Mlflow<2.3.1
pip/mlflow<2.3.0
CVE-2023-30172
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter.
Lfprojects Mlflow<2.0.1
CVE-2023-2356
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.
Lfprojects Mlflow<2.3.1
CVE-2023-1176
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.
Lfprojects Mlflow<2.2.2
CVE-2023-1177
Path Traversal: '\..\filename' in mlflow/mlflow
Lfprojects Mlflow<2.2.1
pip/mlflow<=2.2.0
CVE-2022-0736
mlflow prior to 1.23.1 contains an insecure temporary file. The insecure function `tempfile.mktemp()` is deprecated and `mkstemp()` should be used instead.
Lfprojects Mlflow<1.23.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203