BIT-mlflow-2023-6976

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/mlflow/BIT-mlflow-2023-6976.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-mlflow-2023-6976
Aliases
Published
2024-03-06T10:56:16.395Z
Modified
2025-05-20T10:02:07.006Z
Summary
Unrestricted Upload of File with Dangerous Type
Details

This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process.

Database specific 
{
    "severity": "High",
    "cpes": [
        "cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*"
    ]
}
References

Affected packages

Bitnami / mlflow

Package

Name
mlflow
Purl
pkg:bitnami/mlflow

Severity

  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.9.2

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/mlflow/BIT-mlflow-2023-6976.json"