Vulnerabilities > Lfprojects

DATE CVE VULNERABILITY TITLE RISK
2024-06-06 CVE-2024-0520 Path Traversal vulnerability in Lfprojects Mlflow
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module.
network
low complexity
lfprojects CWE-22
8.8
2024-06-06 CVE-2024-2928 Path Traversal vulnerability in Lfprojects Mlflow
A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3.
network
low complexity
lfprojects CWE-22
7.5
2024-06-06 CVE-2024-3099 Unspecified vulnerability in Lfprojects Mlflow
A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding.
network
low complexity
lfprojects
5.4
2024-01-11 CVE-2024-22194 Unspecified vulnerability in Lfprojects Case Python Utilities and CDO Local Uuid Utility
cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs.
local
low complexity
lfprojects
2.8
2023-12-20 CVE-2023-6974 Unspecified vulnerability in Lfprojects Mlflow
A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine.
network
low complexity
lfprojects
critical
9.8
2023-12-20 CVE-2023-6975 Unspecified vulnerability in Lfprojects Mlflow
A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information.
network
low complexity
lfprojects
critical
9.8
2023-12-20 CVE-2023-6976 Unspecified vulnerability in Lfprojects Mlflow
This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process.
network
low complexity
lfprojects
8.8
2023-12-20 CVE-2023-6977 Unspecified vulnerability in Lfprojects Mlflow
This vulnerability enables malicious users to read sensitive files on the server.
network
low complexity
lfprojects
7.5
2023-12-19 CVE-2023-6940 Unspecified vulnerability in Lfprojects Mlflow
with only one user interaction(download a malicious config), attackers can gain full command execution on the victim system.
network
low complexity
lfprojects
8.8
2023-12-18 CVE-2023-6909 Unspecified vulnerability in Lfprojects Mlflow
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
network
low complexity
lfprojects
7.5