Page 6 of 30 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter. • https://github.com/mlflow/mlflow/issues/7166 https://github.com/mlflow/mlflow/issues/7166#issuecomment-1541543234 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1

Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. • https://github.com/mlflow/mlflow/commit/f73147496e05c09a8b83d95fb4f1bf86696c6342 https://huntr.dev/bounties/7b5d130d-38eb-4133-8c7d-0dfc9a9d9896 • CWE-23: Relative Path Traversal •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2. • https://github.com/mlflow/mlflow/commit/63ef72aa4334a6473ce7f889573c92fcae0b3c0d https://huntr.dev/bounties/ae92f814-6a08-435c-8445-eec0ef4f1085 • CWE-36: Absolute Path Traversal •

CVSS: 9.8EPSS: 22%CPEs: 1EXPL: 4

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. • https://github.com/iumiro/CVE-2023-1177-MLFlow https://github.com/hh-hunter/ml-CVE-2023-1177 https://github.com/tiyeume25112004/CVE-2023-1177-rebuild https://github.com/mlflow/mlflow/pull/7891/commits/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e https://huntr.dev/bounties/1fe8f21a-c438-4cba-9add-e8a5dab94e28 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-29: Path Traversal: '\..\filename' •

CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 1

Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1. Un Archivo Temporal no Seguro en el repositorio de GitHub mlflow/mlflow versiones anteriores a 1.23.1 • https://github.com/mlflow/mlflow/commit/61984e6843d2e59235d82a580c529920cd8f3711 https://huntr.dev/bounties/e5384764-c583-4dec-a1d8-4697f4e12f75 • CWE-377: Insecure Temporary File •