Vulnerabilities > Lfprojects > Mlflow > 1.6.0

DATE CVE VULNERABILITY TITLE RISK
2023-12-20 CVE-2023-6974 Server-Side Request Forgery (SSRF) vulnerability in Lfprojects Mlflow
A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine.
network
low complexity
lfprojects CWE-918
critical
 9.8
9.8
2023-12-20 CVE-2023-6975 Path Traversal: '..filename' vulnerability in Lfprojects Mlflow
A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information.
network
low complexity
lfprojects CWE-29
critical
 9.8
9.8
2023-12-20 CVE-2023-6976 Unrestricted Upload of File with Dangerous Type vulnerability in Lfprojects Mlflow
This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process.
network
low complexity
lfprojects CWE-434
8.8
8.8
2023-12-20 CVE-2023-6977 Path Traversal: '..filename' vulnerability in Lfprojects Mlflow
This vulnerability enables malicious users to read sensitive files on the server.
network
low complexity
lfprojects CWE-29
7.5
7.5
2023-12-19 CVE-2023-6940 Command Injection vulnerability in Lfprojects Mlflow
with only one user interaction(download a malicious config), attackers can gain full command execution on the victim system.
network
low complexity
lfprojects CWE-77
8.8
8.8
2023-12-18 CVE-2023-6909 Path Traversal: '..filename' vulnerability in Lfprojects Mlflow
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
network
low complexity
lfprojects CWE-29
7.5
7.5
2023-12-15 CVE-2023-6831 Path Traversal vulnerability in Lfprojects Mlflow
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
network
low complexity
lfprojects CWE-22
8.1
8.1
2023-12-13 CVE-2023-6753 Path Traversal vulnerability in Lfprojects Mlflow
Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.
network
low complexity
lfprojects CWE-22
8.8
8.8
2023-12-12 CVE-2023-6709 Unspecified vulnerability in Lfprojects Mlflow
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.
network
low complexity
lfprojects
8.8
8.8
2023-12-07 CVE-2023-6568 Cross-site Scripting vulnerability in Lfprojects Mlflow
A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests.
network
low complexity
lfprojects CWE-79
6.1
6.1