mlflow@2.11.1 vulnerabilities
MLflow is an open source platform for the complete machine learning lifecycle
- latest version: 2.12.1
- first published: 6 years ago
- latest version published: 22 days ago
- licenses detected:
  - [0,)
Direct Vulnerabilities
Known vulnerabilities in the mlflow package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Path Traversal due to improper validation of the How to fix Path Traversal? Upgrade | [,2.12.1) |
mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Path Traversal due to improper sanitization of user-supplied paths in the artifact deletion functionality. An attacker can delete arbitrary directories on the server's filesystem by exploiting the double decoding process in the How to fix Path Traversal? There is no fixed version for | [0,) |
mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Path Traversal due to insufficient validation of user-supplied input in the server's handlers. An attacker can access arbitrary files on the server by crafting a series of HTTP POST requests with specially crafted Note: This vulnerability is similar to CVE-2023-6909 but utilizes a different component of the URI to achieve the same effect. How to fix Path Traversal? Upgrade | [,2.11.3) |
mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Path Traversal due to improper handling of URL parameters. By smuggling path traversal sequences using the How to fix Path Traversal? Upgrade | [,2.11.3) |
mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Path Traversal due to the handling of the Note: This vulnerability is similar to CVE-2023-6909 but utilizes a different component of the URI to achieve the same effect. How to fix Path Traversal? Upgrade | [,2.12.1) |