CVE-2023-2780

Path Traversal: '\..\filename' in mlflow/mlflow

CVSS 9.8 CRITICALEPSS 6.3%CWE-29

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

mlflow · mlflow/mlflow

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/mlflow/mlflow/commit/fae77a525dd908c56d6204a4cef1c1c75b4e9857 https://huntr.dev/bounties/b12b0073-0bb0-4bd1-8fc2-ec7f17fd7689