Mlflow
by Mlflow
CVEs (76)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-6940 | | | 0.00 | — | 0.01 | | Dec 19, 2023 | With only one user interaction (download a malicious config), attackers can gain full command execution on the victim system. |
| CVE-2023-6909 | | | 0.00 | — | 0.90 | | Dec 18, 2023 | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. |
| CVE-2023-6831 | | | 0.00 | — | 0.03 | | Dec 15, 2023 | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. |
| CVE-2023-6753 | | | 0.00 | — | 0.01 | | Dec 13, 2023 | Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2. |
| CVE-2023-6709 | | | 0.00 | — | 0.01 | | Dec 12, 2023 | Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2. |
| CVE-2023-6568 | | | 0.00 | — | 0.02 | | Dec 7, 2023 | A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly… |
| CVE-2023-6014 | | | 0.00 | — | 0.01 | | Nov 16, 2023 | An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirement. |
| CVE-2023-6015 | | | 0.00 | — | 0.04 | | Nov 16, 2023 | MLflow allowed arbitrary files to be PUT onto the server. |
| CVE-2023-6018 | | | 0.00 | — | 0.48 | | Nov 16, 2023 | An attacker can overwrite any file on the server hosting MLflow without any authentication. |
| CVE-2023-4033 | | | 0.00 | — | 0.01 | | Aug 1, 2023 | OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0. |
| CVE-2023-3765 | | | 0.00 | — | 0.71 | | Jul 19, 2023 | Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. |
| CVE-2023-2780 | | | 0.00 | — | 0.06 | | May 17, 2023 | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. |
| CVE-2023-2356 | | | 0.00 | — | 0.04 | | Apr 28, 2023 | Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. |
| CVE-2023-1176 | | | 0.00 | — | 0.01 | | Mar 24, 2023 | Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2. |
| CVE-2023-1177 | | | 0.00 | — | 0.69 | | Mar 24, 2023 | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. |
| CVE-2022-0736 | | | 0.00 | — | 0.02 | | Feb 23, 2022 | Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1. |