High severityNVD Advisory· Published Apr 16, 2024· Updated Aug 1, 2024
Local File Read via Path Traversal in mlflow/mlflow
CVE-2024-1594
Description
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifact_location parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component # in the artifact location URI to read arbitrary files on the server in the context of the server's process. This issue is similar to CVE-2023-6909 but utilizes a different component of the URI to achieve the same effect.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mlflowPyPI | <= 2.9.2 | — |
Affected products
3- osv-coords2 versions
< 2.11.3+ 1 more
- (no CPE)range: < 2.11.3
- (no CPE)range: <= 2.9.2
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.