Vulnerabilities > Lfprojects
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-07 | CVE-2023-6568 | Cross-site Scripting vulnerability in Lfprojects Mlflow A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. | 6.1 |
| 2023-12-05 | CVE-2023-43472 | Unspecified vulnerability in Lfprojects Mlflow An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API. | 7.5 |
| 2023-11-16 | CVE-2023-6014 | Unspecified vulnerability in Lfprojects Mlflow An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment. | 9.8 |
| 2023-11-16 | CVE-2023-6015 | Path Traversal vulnerability in Lfprojects Mlflow MLflow allowed arbitrary files to be PUT onto the server. | 7.5 |
| 2023-11-16 | CVE-2023-6018 | OS Command Injection vulnerability in Lfprojects Mlflow An attacker can overwrite any file on the server hosting MLflow without any authentication. | 9.8 |
| 2023-08-01 | CVE-2023-4033 | OS Command Injection vulnerability in Lfprojects Mlflow OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0. | 7.8 |
| 2023-07-25 | CVE-2023-38496 | Unspecified vulnerability in Lfprojects Apptainer 1.2.0 Apptainer is an open source container platform. | 3.3 |
| 2023-07-19 | CVE-2023-3765 | Absolute Path Traversal vulnerability in Lfprojects Mlflow Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. | 10.0 |
| 2023-05-17 | CVE-2023-2780 | Path Traversal: '..filename' vulnerability in Lfprojects Mlflow Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. | 9.8 |
| 2023-05-11 | CVE-2023-30172 | Path Traversal vulnerability in Lfprojects Mlflow A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter. | 7.5 |