Note: This project will be discontinued after December 13, 2021.
Product: Mlflow (Lfprojects)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 46 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-02-23 | CVE-2024-27132 | Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables. | Mlflow | 9.6 | ||
2024-02-23 | CVE-2024-27133 | Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields. | Mlflow | 9.6 | ||
2022-02-23 | CVE-2022-0736 | Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1. | Mlflow | 7.5 | ||
2023-03-24 | CVE-2023-1176 | Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2. | Mlflow | 3.3 | ||
2023-03-24 | CVE-2023-1177 | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. | Mlflow | 9.8 | ||
2023-04-28 | CVE-2023-2356 | Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. | Mlflow | 7.5 | ||
2023-05-17 | CVE-2023-2780 | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. | Mlflow | 9.8 | ||
2023-07-19 | CVE-2023-3765 | Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. | Mlflow | 10.0 | ||
2023-08-01 | CVE-2023-4033 | OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0. | Mlflow | 7.8 | ||
2023-11-16 | CVE-2023-6015 | MLflow allowed arbitrary files to be PUT onto the server. | Mlflow | 7.5 |