PyPI package
mlflow
pkg:pypi/mlflow
Vulnerabilities (66)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-2780 | — | < 2.3.0 | 2.3.0 | May 17, 2023 | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. | ||
| CVE-2023-30172 | — | < 2.0.0rc0 | 2.0.0rc0 | May 11, 2023 | A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter. | ||
| CVE-2023-2356 | — | < 2.3.1 | 2.3.1 | Apr 28, 2023 | Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. | ||
| CVE-2023-1177 | — | < 2.2.1 | 2.2.1 | Mar 24, 2023 | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. | ||
| CVE-2023-1176 | — | < 2.2.1 | 2.2.1 | Mar 24, 2023 | Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2. | ||
| CVE-2022-0736 | — | < 1.23.1 | 1.23.1 | Feb 23, 2022 | Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1. |
- CVE-2023-2780May 17, 2023affected < 2.3.0fixed 2.3.0
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.
- CVE-2023-30172May 11, 2023affected < 2.0.0rc0fixed 2.0.0rc0
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter.
- CVE-2023-2356Apr 28, 2023affected < 2.3.1fixed 2.3.1
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.
- CVE-2023-1177Mar 24, 2023affected < 2.2.1fixed 2.2.1
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.
- CVE-2023-1176Mar 24, 2023affected < 2.2.1fixed 2.2.1
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.
- CVE-2022-0736Feb 23, 2022affected < 1.23.1fixed 1.23.1
Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1.
Page 4 of 4