CVE-2023-3765 – Absolute Path Traversal in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2023-3765
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. • https://github.com/mlflow/mlflow/commit/6dde93758d42455cb90ef324407919ed67668b9b https://huntr.dev/bounties/4be5fd63-8a0a-490d-9ee1-f33dc768ed76 • CWE-36: Absolute Path Traversal •
CVE-2023-2780 – Path Traversal: '\..\filename' in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2023-2780
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. • https://github.com/mlflow/mlflow/commit/fae77a525dd908c56d6204a4cef1c1c75b4e9857 https://huntr.dev/bounties/b12b0073-0bb0-4bd1-8fc2-ec7f17fd7689 • CWE-29: Path Traversal: '\..\filename' •
CVE-2023-30172
https://notcve.org/view.php?id=CVE-2023-30172
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter. • https://github.com/mlflow/mlflow/issues/7166 https://github.com/mlflow/mlflow/issues/7166#issuecomment-1541543234 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-2356 – Relative Path Traversal in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2023-2356
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. • https://github.com/mlflow/mlflow/commit/f73147496e05c09a8b83d95fb4f1bf86696c6342 https://huntr.dev/bounties/7b5d130d-38eb-4133-8c7d-0dfc9a9d9896 • CWE-23: Relative Path Traversal •
CVE-2023-1176 – Absolute Path Traversal in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2023-1176
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2. • https://github.com/mlflow/mlflow/commit/63ef72aa4334a6473ce7f889573c92fcae0b3c0d https://huntr.dev/bounties/ae92f814-6a08-435c-8445-eec0ef4f1085 • CWE-36: Absolute Path Traversal •