CVSS: 10.0EPSS: 92%CPEs: 2EXPL: 1CVE-2023-3765 – Absolute Path Traversal in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2023-3765
19 Jul 2023 — Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. • https://github.com/mlflow/mlflow/commit/6dde93758d42455cb90ef324407919ed67668b9b • CWE-36: Absolute Path Traversal •
CVSS: 10.0EPSS: 86%CPEs: 1EXPL: 1CVE-2023-2780 – Path Traversal: '\..\filename' in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2023-2780
17 May 2023 — Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. • https://github.com/mlflow/mlflow/commit/fae77a525dd908c56d6204a4cef1c1c75b4e9857 • CWE-29: Path Traversal: '\..\filename' •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30172
https://notcve.org/view.php?id=CVE-2023-30172
11 May 2023 — A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter. • https://github.com/mlflow/mlflow/issues/7166 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 82%CPEs: 1EXPL: 1CVE-2023-2356 – Relative Path Traversal in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2023-2356
28 Apr 2023 — Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. • https://github.com/mlflow/mlflow/commit/f73147496e05c09a8b83d95fb4f1bf86696c6342 • CWE-23: Relative Path Traversal •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1176 – Absolute Path Traversal in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2023-1176
24 Mar 2023 — Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2. • https://github.com/mlflow/mlflow/commit/63ef72aa4334a6473ce7f889573c92fcae0b3c0d • CWE-36: Absolute Path Traversal •
CVSS: 10.0EPSS: 93%CPEs: 1EXPL: 8CVE-2023-1177 – Path Traversal: '\..\filename' in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2023-1177
24 Mar 2023 — Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. • https://github.com/iumiro/CVE-2023-1177-MLFlow • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-29: Path Traversal: '\..\filename' •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0736 – Insecure Temporary File in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2022-0736
23 Feb 2022 — Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1. Un Archivo Temporal no Seguro en el repositorio de GitHub mlflow/mlflow versiones anteriores a 1.23.1 • https://github.com/mlflow/mlflow/commit/61984e6843d2e59235d82a580c529920cd8f3711 • CWE-377: Insecure Temporary File •