Количество 2
Количество 2
CVE-2024-1594
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the `artifact_location` parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component `#` in the artifact location URI to read arbitrary files on the server in the context of the server's process. This issue is similar to CVE-2023-6909 but utilizes a different component of the URI to achieve the same effect.
GHSA-m49c-5c52-6696
mlflow vulnerable to Path Traversal
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-1594 A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the `artifact_location` parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component `#` in the artifact location URI to read arbitrary files on the server in the context of the server's process. This issue is similar to CVE-2023-6909 but utilizes a different component of the URI to achieve the same effect. | CVSS3: 7.5 | 0% Низкий | почти 2 года назад |
| GHSA-m49c-5c52-6696 mlflow vulnerable to Path Traversal | CVSS3: 7.5 | 0% Низкий | почти 2 года назад |
Уязвимостей на страницу