Vulnerabilities > Lfprojects > Mlflow > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-06 | CVE-2024-0520 | Path Traversal vulnerability in Lfprojects Mlflow A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. | 8.8 |
2024-06-06 | CVE-2024-2928 | Path Traversal vulnerability in Lfprojects Mlflow A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. | 7.5 |
2023-12-20 | CVE-2023-6976 | Unrestricted Upload of File with Dangerous Type vulnerability in Lfprojects Mlflow This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process. | 8.8 |
2023-12-20 | CVE-2023-6977 | Path Traversal: '..filename' vulnerability in Lfprojects Mlflow This vulnerability enables malicious users to read sensitive files on the server. | 7.5 |
2023-12-19 | CVE-2023-6940 | Command Injection vulnerability in Lfprojects Mlflow with only one user interaction(download a malicious config), attackers can gain full command execution on the victim system. | 8.8 |
2023-12-18 | CVE-2023-6909 | Path Traversal: '..filename' vulnerability in Lfprojects Mlflow Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. | 7.5 |
2023-12-15 | CVE-2023-6831 | Path Traversal vulnerability in Lfprojects Mlflow Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. | 8.1 |
2023-12-13 | CVE-2023-6753 | Path Traversal vulnerability in Lfprojects Mlflow Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2. | 8.8 |
2023-12-12 | CVE-2023-6709 | Unspecified vulnerability in Lfprojects Mlflow Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2. | 8.8 |
2023-12-05 | CVE-2023-43472 | Unspecified vulnerability in Lfprojects Mlflow An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API. | 7.5 |