CRITICAL 10.0 PyPI
MLflow Path Traversal vulnerability
GHSA-fmxj-6h9g-6vw3 · BIT-mlflow-2023-3765 · CVE-2023-3765 · PYSEC-2023-308
Published · Modified
Description
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-3765
- WEB https://github.com/mlflow/mlflow/commit/6dde93758d42455cb90ef324407919ed67668b9b
- PACKAGE https://github.com/mlflow/mlflow
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-308.yaml
- WEB https://huntr.dev/bounties/4be5fd63-8a0a-490d-9ee1-f33dc768ed76
Ready to move
Start Securing
Free, no credit card | First findings in minutes