Vulnerabilities > Lfprojects > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-06-06 CVE-2024-3099 Unspecified vulnerability in Lfprojects Mlflow
A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding.
network
low complexity
lfprojects
5.4
5.4
2023-12-07 CVE-2023-6568 Cross-site Scripting vulnerability in Lfprojects Mlflow
A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests.
network
low complexity
lfprojects CWE-79
6.1
6.1