VYPR

Bitnami package

mlflow

pkg:bitnami/mlflow

Vulnerabilities (73)

  • CVE-2023-6568Dec 7, 2023
    affected < 2.9.1fixed 2.9.1

    A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly refle

  • CVE-2023-43472Dec 5, 2023
    affected < 2.8.2fixed 2.8.2

    An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.

  • CVE-2023-6014Nov 16, 2023

    An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.

  • CVE-2023-6015Nov 16, 2023
    affected < 2.8.1fixed 2.8.1

    MLflow allowed arbitrary files to be PUT onto the server.

  • CVE-2023-6018Nov 16, 2023

    An attacker can overwrite any file on the server hosting MLflow without any authentication.

  • CVE-2023-4033Aug 1, 2023
    affected < 2.6.0fixed 2.6.0

    OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.

  • CVE-2023-3765Jul 19, 2023
    affected < 2.5.0fixed 2.5.0

    Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.

  • CVE-2023-2780May 17, 2023
    affected < 2.3.1fixed 2.3.1

    Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.

  • CVE-2023-30172May 11, 2023
    affected < 2.0.1fixed 2.0.1

    A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter.

  • CVE-2023-2356Apr 28, 2023
    affected < 2.3.1fixed 2.3.1

    Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.

  • CVE-2023-1177Mar 24, 2023
    affected < 2.2.1fixed 2.2.1

    Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.

  • CVE-2023-1176Mar 24, 2023
    affected < 2.2.2fixed 2.2.2

    Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.

  • CVE-2022-0736Feb 23, 2022
    affected < 1.23.1fixed 1.23.1

    Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1.

Page 4 of 4