Latest Lfprojects Vulnerabilities

CVE-2024-22194
### Impact _What kind of vulnerability is it? Who is impacted?_ An information leakage vulnerability is present in [`cdo-local-uuid`](https://pypi.org/project/cdo-local-uuid/) at version `0.4.0`, and...
pip/case-utils=0.14.0
pip/case-utils=0.13.0
pip/case-utils=0.11.0
pip/case-utils=0.10.0
pip/case-utils=0.9.0
pip/case-utils=0.8.0
and 15 more
CVE-2023-6977
Path Traversal: '\..\filename'
pip/mlflow<2.9.2
Lfprojects Mlflow>=1.0.0<2.9.2
>=1.0.0<2.9.2
CVE-2023-6976
Unrestricted Upload of File with Dangerous Type
pip/mlflow<2.9.2
Lfprojects Mlflow<2.9.2
CVE-2023-6975
Path Traversal: '\..\filename'
pip/mlflow<2.9.2
Lfprojects Mlflow<2.9.2
<2.9.2
CVE-2023-6974
Server-Side Request Forgery (SSRF)
Lfprojects Mlflow<2.9.2
pip/mlflow<2.9.2
CVE-2023-6940
Command Injection
pip/mlflow<2.9.2
Lfprojects Mlflow<2.9.2
<2.9.2
CVE-2023-6909
Path Traversal: '\..\filename' in mlflow/mlflow
Lfprojects Mlflow<2.9.2
pip/mlflow<2.9.2
CVE-2023-6831
Path Traversal: '\..\filename' in mlflow/mlflow
Lfprojects Mlflow<2.9.2
pip/mlflow<2.9.2
CVE-2023-6753
Path Traversal in mlflow/mlflow
Lfprojects Mlflow<2.9.2
Microsoft Windows
pip/mlflow<2.9.2
CVE-2023-6709
Improper Neutralization of Special Elements Used in a Template Engine in mlflow/mlflow
Lfprojects Mlflow<2.9.2
pip/mlflow<2.9.2
CVE-2023-6568
Reflected XSS via Content-Type Header in mlflow/mlflow
pip/mlflow<2.9.0
Lfprojects Mlflow<=2.9.0
<=2.9.0
CVE-2023-43472
An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.
Lfprojects Mlflow<=2.8.1
pip/mlflow<2.9.0
CVE-2023-6014
MLflow Authentication Bypass
Lfprojects Mlflow
pip/mlflow<2.8.0
CVE-2023-6015
MLflow Arbitrary File Upload
pip/mlflow<2.8.1
Lfprojects Mlflow<2.8.1
CVE-2023-6018
MLflow Arbitrary File Write
pip/mlflow<=2.8.1
Lfprojects Mlflow
CVE-2023-4033
OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.
Lfprojects Mlflow<2.6.0
pip/mlflow<2.6.0
CVE-2023-38496
### Impact Fix https://github.com/apptainer/apptainer/pull/1523 included in Apptainer 1.2.0-rc.2 has introduced an ineffective privilege drop when requesting container network setup, therefore subseq...
Lfprojects Apptainer=1.2.0-rc2
Lfprojects Apptainer=1.2.0
CVE-2023-3765
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.
pip/mlflow<2.5.0
Lfprojects Mlflow<2.5.0
Microsoft Windows
CVE-2023-2780
Lfprojects Mlflow<2.3.1
pip/mlflow<2.3.0
CVE-2023-30172
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter.
Lfprojects Mlflow<2.0.1
CVE-2023-2356
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.
Lfprojects Mlflow<2.3.1
CVE-2023-30549
Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer
Lfprojects Apptainer<1.1.8
Sylabs Singularity
Redhat Enterprise Linux=7.0
go/github.com/apptainer/apptainer<1.1.8
CVE-2022-46397
FP.io VPP (Vector Packet Processor) 22.10, 22.06, 22.02, 21.10, 21.06, 21.01, 20.09, 20.05, 20.01, 19.08, and 19.04 Generates a Predictable IV with CBC Mode.
Lfprojects Vector Packet Processor=19.04
Lfprojects Vector Packet Processor=19.08
Lfprojects Vector Packet Processor=20.01
Lfprojects Vector Packet Processor=20.05
Lfprojects Vector Packet Processor=20.09
Lfprojects Vector Packet Processor=21.01
and 5 more
CVE-2023-1176
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.
Lfprojects Mlflow<2.2.2
CVE-2023-1177
Path Traversal: '\..\filename' in mlflow/mlflow
Lfprojects Mlflow<2.2.1
pip/mlflow<=2.2.0
CVE-2023-23619
Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyon...
Lfprojects Modelina<1.0.0
CVE-2022-0736
mlflow prior to 1.23.1 contains an insecure temporary file. The insecure function `tempfile.mktemp()` is deprecated and `mkstemp()` should be used instead.
Lfprojects Mlflow<1.23.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203