Vulnerabilities > Lfprojects

DATE CVE VULNERABILITY TITLE RISK
2023-12-20 CVE-2023-6977 Unspecified vulnerability in Lfprojects Mlflow
This vulnerability enables malicious users to read sensitive files on the server.
network
low complexity
lfprojects
7.5
2023-12-19 CVE-2023-6940 Unspecified vulnerability in Lfprojects Mlflow
with only one user interaction(download a malicious config), attackers can gain full command execution on the victim system.
network
low complexity
lfprojects
8.8
2023-12-18 CVE-2023-6909 Unspecified vulnerability in Lfprojects Mlflow
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
network
low complexity
lfprojects
7.5
2023-12-15 CVE-2023-6831 Path Traversal vulnerability in Lfprojects Mlflow
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
network
low complexity
lfprojects CWE-22
8.1
2023-12-13 CVE-2023-6753 Unspecified vulnerability in Lfprojects Mlflow
Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.
network
low complexity
lfprojects
8.8
2023-12-12 CVE-2023-6709 Unspecified vulnerability in Lfprojects Mlflow
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.
network
low complexity
lfprojects
8.8
2023-12-07 CVE-2023-6568 Cross-site Scripting vulnerability in Lfprojects Mlflow
A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests.
network
low complexity
lfprojects CWE-79
6.1
2023-12-05 CVE-2023-43472 Unspecified vulnerability in Lfprojects Mlflow
An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.
network
low complexity
lfprojects
7.5
2023-11-16 CVE-2023-6014 Unspecified vulnerability in Lfprojects Mlflow
An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.
network
low complexity
lfprojects
critical
9.8
2023-11-16 CVE-2023-6015 Unspecified vulnerability in Lfprojects Mlflow
MLflow allowed arbitrary files to be PUT onto the server.
network
low complexity
lfprojects
7.5