CVE-2023-6940 – Command Injection
https://notcve.org/view.php?id=CVE-2023-6940
With only one user interaction (download a malicious config), attackers can gain full command execution on the victim system. • https://github.com/mlflow/mlflow/commit/5139b1087d686fa52e2b087e09da66aff86297b1 https://huntr.com/bounties/c6f59480-ce47-4f78-a3dc-4bd8ca15029c • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-6909 – Path Traversal: '\..\filename' in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2023-6909
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. • https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1 https://huntr.com/bounties/11209efb-0f84-482f-add0-587ea6b7e850 • CWE-29: Path Traversal: '\..\filename'
CVE-2023-6831 – Path Traversal: '\..\filename' in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2023-6831
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. • https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1 https://huntr.com/bounties/0acdd745-0167-4912-9d5c-02035fe5b314 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-29: Path Traversal: '\..\filename'
CVE-2023-6753 – Path Traversal in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2023-6753
Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2. • https://github.com/mlflow/mlflow/commit/1c6309f884798fbf56017a3cc808016869ee8de4 https://huntr.com/bounties/b397b83a-527a-47e7-b912-a12a17a6cfb4 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-6709 – Improper Neutralization of Special Elements Used in a Template Engine in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2023-6709
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2. • https://github.com/mlflow/mlflow/commit/432b8ccf27fd3a76df4ba79bb1bec62118a85625 https://huntr.com/bounties/9e4cc07b-6fff-421b-89bd-9445ef61d34d • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine