High severityNVD Advisory· Published Apr 28, 2023· Updated Jan 30, 2025
Relative Path Traversal in mlflow/mlflow
CVE-2023-2356
Description
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mlflowPyPI | < 2.3.1 | 2.3.1 |
Affected products
3- osv-coords2 versions
< 2.3.1+ 1 more
- (no CPE)range: < 2.3.1
- (no CPE)range: < 2.3.1
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-x422-6qhv-p29gghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-2356ghsaADVISORY
- github.com/mlflow/mlflow/commit/f73147496e05c09a8b83d95fb4f1bf86696c6342ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-68.yamlghsaWEB
- huntr.dev/bounties/7b5d130d-38eb-4133-8c7d-0dfc9a9d9896ghsaWEB
News mentions
0No linked articles in our index yet.