Vulnerability Database
Blog
FAQ
Docs
PYSEC-2022-28
See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/mlflow/PYSEC-2022-28.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2022-28
Aliases
BIT-mlflow-2022-0736
CVE-2022-0736
GHSA-vqj2-4v8m-8vrq
Published
2022-02-23T09:15:00Z
Modified
2023-12-06T00:46:47.133420Z
Summary
[none]
Details
Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1.
References
https://huntr.dev/bounties/e5384764-c583-4dec-a1d8-4697f4e12f75
https://github.com/mlflow/mlflow/commit/61984e6843d2e59235d82a580c529920cd8f3711
https://github.com/advisories/GHSA-vqj2-4v8m-8vrq
Affected packages
PyPI
/
mlflow
Package
Name
mlflow
View open source insights on deps.dev
Purl
pkg:pypi/mlflow
Affected ranges
Type
GIT
Repo
https://github.com/mlflow/mlflow
Events
Introduced
0
Unknown introduced commit / All previous commits are affected
Fixed
61984e6843d2e59235d82a580c529920cd8f3711
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1.23.1
Affected versions
0.*
0.0.1
0.1.0
0.2.0
0.2.1
0.3.0
0.4.0
0.4.1
0.4.2
0.5.0
0.5.1
0.5.2
0.6.0
0.7.0
0.8.0
0.8.1
0.8.2
0.9.0
0.9.0.1
0.9.1
1.*
1.0.0
1.1.0
1.1.1.dev0
1.2.0
1.3.0
1.4.0
1.5.0
1.6.0
1.7.0
1.7.1
1.7.2
1.8.0
1.9.0
1.9.1
1.10.0
1.11.0
1.12.0
1.12.1
1.13
1.13.1
1.14.0
1.14.1
1.15.0
1.16.0
1.17.0
1.18.0
1.19.0
1.20.0
1.20.1
1.20.2
1.21.0
1.22.0
1.23.0
PYSEC-2022-28 - OSV