Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lfprojects mlflow vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-6709
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow before 2.9.2.
Lfprojects Mlflow
8.8
CVSSv3
CVE-2023-6753
Path Traversal in GitHub repository mlflow/mlflow before 2.9.2.
Lfprojects Mlflow
7.5
CVSSv3
CVE-2023-2356
Relative Path Traversal in GitHub repository mlflow/mlflow before 2.3.1.
Lfprojects Mlflow
9.8
CVSSv3
CVE-2023-2780
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow before 2.3.1.
Lfprojects Mlflow
10
CVSSv3
CVE-2023-3765
Absolute Path Traversal in GitHub repository mlflow/mlflow before 2.5.0.
Lfprojects Mlflow
7.5
CVSSv3
CVE-2022-0736
Insecure Temporary File in GitHub repository mlflow/mlflow before 1.23.1.
Lfprojects Mlflow
3.3
CVSSv3
CVE-2023-1176
Absolute Path Traversal in GitHub repository mlflow/mlflow before 2.2.2.
Lfprojects Mlflow
9.8
CVSSv3
CVE-2023-1177
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow before 2.2.1.
Lfprojects Mlflow
3 Github repositories
6.1
CVSSv3
CVE-2023-6568
A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly refle...
Lfprojects Mlflow
9.8
CVSSv3
CVE-2023-6014
An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.
Lfprojects Mlflow
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »