Vulnerabilities > Lfprojects

DATE CVE VULNERABILITY TITLE RISK
2023-12-15 CVE-2023-6831 Path Traversal vulnerability in Lfprojects Mlflow
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
network
low complexity
lfprojects CWE-22
8.1
2023-12-13 CVE-2023-6753 Unspecified vulnerability in Lfprojects Mlflow
Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.
network
low complexity
lfprojects
8.8
2023-12-12 CVE-2023-6709 Unspecified vulnerability in Lfprojects Mlflow
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.
network
low complexity
lfprojects
8.8
2023-12-07 CVE-2023-6568 Cross-site Scripting vulnerability in Lfprojects Mlflow
A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests.
network
low complexity
lfprojects CWE-79
6.1
2023-12-05 CVE-2023-43472 Unspecified vulnerability in Lfprojects Mlflow
An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.
network
low complexity
lfprojects
7.5
2023-11-16 CVE-2023-6014 Unspecified vulnerability in Lfprojects Mlflow
An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.
network
low complexity
lfprojects
critical
9.8
2023-11-16 CVE-2023-6015 Unspecified vulnerability in Lfprojects Mlflow
MLflow allowed arbitrary files to be PUT onto the server.
network
low complexity
lfprojects
7.5
2023-11-16 CVE-2023-6018 Unspecified vulnerability in Lfprojects Mlflow
An attacker can overwrite any file on the server hosting MLflow without any authentication.
network
low complexity
lfprojects
critical
9.8
2023-08-01 CVE-2023-4033 Unspecified vulnerability in Lfprojects Mlflow
OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.
local
low complexity
lfprojects
7.8
2023-07-25 CVE-2023-38496 Unspecified vulnerability in Lfprojects Apptainer 1.2.0
Apptainer is an open source container platform.
local
low complexity
lfprojects
3.3