Vulnerabilities > Lfprojects > Mlflow > 2.9.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-23 | CVE-2024-27132 | Unspecified vulnerability in Lfprojects Mlflow Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables. | 9.6 |
| 2024-02-23 | CVE-2024-27133 | Unspecified vulnerability in Lfprojects Mlflow Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. | 9.6 |
| 2023-12-20 | CVE-2023-6974 | Unspecified vulnerability in Lfprojects Mlflow A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine. | 9.8 |
| 2023-12-20 | CVE-2023-6975 | Unspecified vulnerability in Lfprojects Mlflow A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information. | 9.8 |
| 2023-12-20 | CVE-2023-6976 | Unspecified vulnerability in Lfprojects Mlflow This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process. | 8.8 |
| 2023-12-20 | CVE-2023-6977 | Unspecified vulnerability in Lfprojects Mlflow This vulnerability enables malicious users to read sensitive files on the server. | 7.5 |
| 2023-12-19 | CVE-2023-6940 | Unspecified vulnerability in Lfprojects Mlflow with only one user interaction(download a malicious config), attackers can gain full command execution on the victim system. | 8.8 |
| 2023-12-18 | CVE-2023-6909 | Unspecified vulnerability in Lfprojects Mlflow Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. | 7.5 |
| 2023-12-15 | CVE-2023-6831 | Path Traversal vulnerability in Lfprojects Mlflow Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. | 8.1 |
| 2023-12-13 | CVE-2023-6753 | Unspecified vulnerability in Lfprojects Mlflow Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2. | 8.8 |