mlflow/mlflow

unspecified

OTHER 31 CVEs

latest

OTHER 9 CVEs

CVE-2023-6975

A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information.

CRITICAL Dec 20, 2023

CVE-2023-6974

A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine.

HIGH Dec 20, 2023

CVE-2023-6831

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.

HIGH Dec 15, 2023

CVE-2023-4033

OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.

HIGH Aug 01, 2023

CVE-2023-3765

Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.

CRITICAL Jul 19, 2023

CVE-2023-2780

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.

CRITICAL May 17, 2023

CVE-2023-2356

Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.

CRITICAL Apr 28, 2023

CVE-2023-1176

Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.

MEDIUM Mar 24, 2023

CVE-2023-1177

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.

CRITICAL Mar 24, 2023

CVE-2022-0736

Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1.

HIGH Feb 23, 2022