Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mlflow
(Lfprojects)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 22 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-12-18 | CVE-2023-6909 | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. | Mlflow | 7.5 | ||
| 2023-12-20 | CVE-2023-6975 | A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information. | Mlflow | 9.8 | ||
| 2023-12-19 | CVE-2023-6940 | with only one user interaction(download a malicious config), attackers can gain full command execution on the victim system. | Mlflow | 8.8 | ||
| 2023-12-20 | CVE-2023-6974 | A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine. | Mlflow | 9.8 | ||
| 2023-12-20 | CVE-2023-6976 | This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process. | Mlflow | 8.8 | ||
| 2023-12-20 | CVE-2023-6977 | This vulnerability enables malicious users to read sensitive files on the server. | Mlflow | 7.5 | ||
| 2023-12-13 | CVE-2023-6753 | Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2. | Mlflow | 8.8 | ||
| 2023-12-12 | CVE-2023-6709 | Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2. | Mlflow | 8.8 | ||
| 2023-12-05 | CVE-2023-43472 | An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API. | Mlflow | 7.5 | ||
| 2023-11-16 | CVE-2023-6015 | MLflow allowed arbitrary files to be PUT onto the server. | Mlflow | 7.5 |