VYPR

Mlflow

by Mlflow

pypi: mlflow

Source repositories

CVEs (76)

  • CVE-2023-6940Dec 19, 2023
    risk 0.00cvss epss 0.01

    with only one user interaction(download a malicious config), attackers can gain full command execution on the victim system.

  • CVE-2023-6909Dec 18, 2023
    risk 0.00cvss epss 0.90

    Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.

  • CVE-2023-6831Dec 15, 2023
    risk 0.00cvss epss 0.03

    Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.

  • CVE-2023-6753Dec 13, 2023
    risk 0.00cvss epss 0.01

    Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.

  • CVE-2023-6709Dec 12, 2023
    risk 0.00cvss epss 0.01

    Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.

  • CVE-2023-6568Dec 7, 2023
    risk 0.00cvss epss 0.02

    A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly…

  • CVE-2023-6014Nov 16, 2023
    risk 0.00cvss epss 0.01

    An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.

  • CVE-2023-6015Nov 16, 2023
    risk 0.00cvss epss 0.04

    MLflow allowed arbitrary files to be PUT onto the server.

  • CVE-2023-6018Nov 16, 2023
    risk 0.00cvss epss 0.48

    An attacker can overwrite any file on the server hosting MLflow without any authentication.

  • CVE-2023-4033Aug 1, 2023
    risk 0.00cvss epss 0.01

    OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.

  • CVE-2023-3765Jul 19, 2023
    risk 0.00cvss epss 0.71

    Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.

  • CVE-2023-2780May 17, 2023
    risk 0.00cvss epss 0.06

    Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.

  • CVE-2023-2356Apr 28, 2023
    risk 0.00cvss epss 0.04

    Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.

  • CVE-2023-1176Mar 24, 2023
    risk 0.00cvss epss 0.01

    Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.

  • CVE-2023-1177Mar 24, 2023
    risk 0.00cvss epss 0.69

    Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.

  • CVE-2022-0736Feb 23, 2022
    risk 0.00cvss epss 0.02

    Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1.

Page 4 of 4