Vulnerabilities > Lfprojects
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-06 | CVE-2024-0520 | Path Traversal vulnerability in Lfprojects Mlflow A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. | 8.8 |
2024-06-06 | CVE-2024-2928 | Path Traversal vulnerability in Lfprojects Mlflow A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. | 7.5 |
2024-06-06 | CVE-2024-3099 | Unspecified vulnerability in Lfprojects Mlflow A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. | 5.4 |
2024-01-11 | CVE-2024-22194 | Unspecified vulnerability in Lfprojects Case Python Utilities and CDO Local Uuid Utility cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. | 2.8 |
2023-12-20 | CVE-2023-6974 | Unspecified vulnerability in Lfprojects Mlflow A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine. | 9.8 |
2023-12-20 | CVE-2023-6975 | Unspecified vulnerability in Lfprojects Mlflow A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information. | 9.8 |
2023-12-20 | CVE-2023-6976 | Unspecified vulnerability in Lfprojects Mlflow This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process. | 8.8 |
2023-12-20 | CVE-2023-6977 | Unspecified vulnerability in Lfprojects Mlflow This vulnerability enables malicious users to read sensitive files on the server. | 7.5 |
2023-12-19 | CVE-2023-6940 | Unspecified vulnerability in Lfprojects Mlflow with only one user interaction(download a malicious config), attackers can gain full command execution on the victim system. | 8.8 |
2023-12-18 | CVE-2023-6909 | Unspecified vulnerability in Lfprojects Mlflow Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. | 7.5 |