GHSA-wv8q-4f85-2p8p
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wv8q-4f85-2p8p
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-wv8q-4f85-2p8p/GHSA-wv8q-4f85-2p8p.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-wv8q-4f85-2p8p
- Aliases
- Published
- 2023-12-20T06:30:25Z
- Modified
- 2024-01-02T05:57:28.136089Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- MLflow Path Traversal Vulnerability
- Details
-
This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process.
- Database specific
{ "severity": "HIGH", "nvd_published_at": "2023-12-20T06:15:45Z", "github_reviewed": true, "cwe_ids": [ "CWE-434" ], "github_reviewed_at": "2023-12-20T20:36:28Z" }- References
Affected packages
PyPI / mlflow
Package
- Name
- mlflow
- View open source insights on deps.dev
- Purl
- pkg:pypi/mlflow
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.9.2
Affected versions
0.*
0.0.1
0.1.0
0.2.0
0.2.1
0.3.0
0.4.0
0.4.1
0.4.2
0.5.0
0.5.1
0.5.2
0.6.0
0.7.0
0.8.0
0.8.1
0.8.2
0.9.0
0.9.0.1
0.9.1
1.*
1.0.0
1.1.0
1.1.1.dev0
1.2.0
1.3.0
1.4.0
1.5.0
1.6.0
1.7.0
1.7.1
1.7.2
1.8.0
1.9.0
1.9.1
1.10.0
1.11.0
1.12.0
1.12.1
1.13
1.13.1
1.14.0
1.14.1
1.15.0
1.16.0
1.17.0
1.18.0
1.19.0
1.20.0
1.20.1
1.20.2
1.21.0
1.22.0
1.23.0
1.23.1
1.24.0
1.25.0
1.25.1
1.26.0
1.26.1
1.27.0
1.28.0
1.29.0
1.30.0
1.30.1
2.*
2.0.0rc0
2.0.0
2.0.1
2.1.0
2.1.1
2.2.0
2.2.1
2.2.2
2.3.0
2.3.1
2.3.2
2.4.0
2.4.1
2.4.2
2.5.0
2.6.0
2.7.0
2.7.1
2.8.0
2.8.1
2.9.0
2.9.1