Vulnerabilities > Lfprojects > Mlflow > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-20 | CVE-2023-6975 | Path Traversal: '..filename' vulnerability in Lfprojects Mlflow A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information. | 9.8 |
| 2023-12-20 | CVE-2023-6974 | Server-Side Request Forgery (SSRF) vulnerability in Lfprojects Mlflow A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine. | 9.8 |
| 2023-11-16 | CVE-2023-6014 | Unspecified vulnerability in Lfprojects Mlflow An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment. | 9.8 |
| 2023-11-16 | CVE-2023-6018 | OS Command Injection vulnerability in Lfprojects Mlflow An attacker can overwrite any file on the server hosting MLflow without any authentication. | 9.8 |
| 2023-07-19 | CVE-2023-3765 | Absolute Path Traversal vulnerability in Lfprojects Mlflow Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. | 10.0 |
| 2023-05-17 | CVE-2023-2780 | Path Traversal: '..filename' vulnerability in Lfprojects Mlflow Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. | 9.8 |
| 2023-03-24 | CVE-2023-1177 | Path Traversal: '..filename' vulnerability in Lfprojects Mlflow Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. | 9.8 |