Latest Lfprojects Vulnerabilities

### Impact _What kind of vulnerability is it? Who is impacted?_ An information leakage vulnerability is present in [`cdo-local-uuid`](https://pypi.org/project/cdo-local-uuid/) at version `0.4.0`, and...
pip/case-utils=0.14.0
pip/case-utils=0.13.0
pip/case-utils=0.11.0
pip/case-utils=0.10.0
pip/case-utils=0.9.0
pip/case-utils=0.8.0
and 15 more
Path Traversal: '\..\filename'
pip/mlflow<2.9.2
Lfprojects Mlflow>=1.0.0<2.9.2
>=1.0.0<2.9.2
Unrestricted Upload of File with Dangerous Type
pip/mlflow<2.9.2
Lfprojects Mlflow<2.9.2
Path Traversal: '\..\filename'
pip/mlflow<2.9.2
Lfprojects Mlflow<2.9.2
<2.9.2
Server-Side Request Forgery (SSRF)
Lfprojects Mlflow<2.9.2
pip/mlflow<2.9.2
Command Injection
pip/mlflow<2.9.2
Lfprojects Mlflow<2.9.2
<2.9.2
Path Traversal: '\..\filename' in mlflow/mlflow
Lfprojects Mlflow<2.9.2
pip/mlflow<2.9.2
Path Traversal: '\..\filename' in mlflow/mlflow
Lfprojects Mlflow<2.9.2
pip/mlflow<2.9.2
Path Traversal in mlflow/mlflow
Lfprojects Mlflow<2.9.2
Microsoft Windows
pip/mlflow<2.9.2
Improper Neutralization of Special Elements Used in a Template Engine in mlflow/mlflow
Lfprojects Mlflow<2.9.2
pip/mlflow<2.9.2
Cross-site Scripting (XSS) - Reflected in mlflow/mlflow
Lfprojects Mlflow<=2.9.0
pip/mlflow<2.9.0
An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.
Lfprojects Mlflow<=2.8.1
pip/mlflow<2.9.0
MLflow Authentication Bypass
pip/mlflow<=2.5.0
Lfprojects Mlflow
MLflow Arbitrary File Upload
pip/mlflow<2.8.1
Lfprojects Mlflow<2.8.1
MLflow Arbitrary File Write
pip/mlflow<=2.8.1
Lfprojects Mlflow
OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.
Lfprojects Mlflow<2.6.0
pip/mlflow<2.6.0
### Impact Fix https://github.com/apptainer/apptainer/pull/1523 included in Apptainer 1.2.0-rc.2 has introduced an ineffective privilege drop when requesting container network setup, therefore subseq...
Lfprojects Apptainer=1.2.0-rc2
Lfprojects Apptainer=1.2.0
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.
pip/mlflow<2.5.0
Lfprojects Mlflow<2.5.0
Microsoft Windows
Lfprojects Mlflow<2.3.1
pip/mlflow<2.3.0
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter.
Lfprojects Mlflow<2.0.1
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.
Lfprojects Mlflow<2.3.1
Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer
Lfprojects Apptainer<1.1.8
Sylabs Singularity
Redhat Enterprise Linux=7.0
go/github.com/apptainer/apptainer<1.1.8
FP.io VPP (Vector Packet Processor) 22.10, 22.06, 22.02, 21.10, 21.06, 21.01, 20.09, 20.05, 20.01, 19.08, and 19.04 Generates a Predictable IV with CBC Mode.
Lfprojects Vector Packet Processor=19.04
Lfprojects Vector Packet Processor=19.08
Lfprojects Vector Packet Processor=20.01
Lfprojects Vector Packet Processor=20.05
Lfprojects Vector Packet Processor=20.09
Lfprojects Vector Packet Processor=21.01
and 5 more
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.
Lfprojects Mlflow<2.2.2
Path Traversal: '\..\filename' in mlflow/mlflow
Lfprojects Mlflow<2.2.1
pip/mlflow<=2.2.0
Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyon...
Lfprojects Modelina<1.0.0
mlflow prior to 1.23.1 contains an insecure temporary file. The insecure function `tempfile.mktemp()` is deprecated and `mkstemp()` should be used instead.
Lfprojects Mlflow<1.23.1

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203