Vulnerabilities > Lfprojects
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-16 | CVE-2024-1558 | Unspecified vulnerability in Lfprojects Mlflow A path traversal vulnerability exists in the `_create_model_version()` function within `server/handlers.py` of the mlflow/mlflow repository, due to improper validation of the `source` parameter. | 7.5 |
| 2024-04-16 | CVE-2024-1560 | Unspecified vulnerability in Lfprojects Mlflow A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. | 8.1 |
| 2024-04-16 | CVE-2024-1593 | Unspecified vulnerability in Lfprojects Mlflow A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. | 7.5 |
| 2024-04-16 | CVE-2024-1594 | Unspecified vulnerability in Lfprojects Mlflow A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the `artifact_location` parameter when creating an experiment. | 7.5 |
| 2024-04-16 | CVE-2024-3573 | Path Traversal vulnerability in Lfprojects Mlflow mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. | 9.3 |
| 2024-02-26 | CVE-2024-27093 | Unspecified vulnerability in Lfprojects Minder Minder is a Software Supply Chain Security Platform. | 7.5 |
| 2024-02-23 | CVE-2024-27132 | Unspecified vulnerability in Lfprojects Mlflow Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables. | 9.6 |
| 2024-02-23 | CVE-2024-27133 | Unspecified vulnerability in Lfprojects Mlflow Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. | 9.6 |
| 2024-01-11 | CVE-2024-22194 | Unspecified vulnerability in Lfprojects Case Python Utilities and CDO Local Uuid Utility cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. | 2.8 |
| 2023-12-20 | CVE-2023-6974 | Unspecified vulnerability in Lfprojects Mlflow A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine. | 9.8 |