CRITICAL 9.8 PyPI
mlflow Path Traversal vulnerability
GHSA-wjq3-7jxx-whj9 · BIT-mlflow-2023-2780 · CVE-2023-2780 · PYSEC-2023-69
Published · Modified
Description
mlflow prior to 2.3.0 is vulnerable to path traversal due to a bypass of the fix for CVE-2023-1177.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-2780
- WEB https://github.com/mlflow/mlflow/commit/fae77a525dd908c56d6204a4cef1c1c75b4e9857
- PACKAGE https://github.com/mlflow/mlflow
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-69.yaml
- WEB https://huntr.dev/bounties/b12b0073-0bb0-4bd1-8fc2-ec7f17fd7689