Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mlflow
(Lfprojects)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 22 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-11-16 | CVE-2023-6018 | An attacker can overwrite any file on the server hosting MLflow without any authentication. | Mlflow | 9.8 | ||
| 2023-11-16 | CVE-2023-6014 | An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment. | Mlflow | 9.8 | ||
| 2023-03-24 | CVE-2023-1177 | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. | Mlflow | 9.8 | ||
| 2023-08-01 | CVE-2023-4033 | OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0. | Mlflow | 7.8 | ||
| 2023-07-19 | CVE-2023-3765 | Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. | Mlflow | 10.0 | ||
| 2022-02-23 | CVE-2022-0736 | Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1. | Mlflow | 7.5 | ||
| 2023-05-17 | CVE-2023-2780 | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. | Mlflow | 9.8 | ||
| 2023-05-11 | CVE-2023-30172 | A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter. | Mlflow | 7.5 | ||
| 2023-04-28 | CVE-2023-2356 | Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. | Mlflow | 7.5 | ||
| 2023-03-24 | CVE-2023-1176 | Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2. | Mlflow | 3.3 |