Latest version: v2.12.2
| CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
|---|---|---|---|---|---|
| CVE-2023-6709 | 62995 |
mlflow 2.9.2 addresses an Improper Neutralization of Special Elements… |
|
HIGH | 8.8 |
| CVE-2023-6753 | 62996 |
Mlflow 2.9.2 fixes for Windows Path Traversal attack. #NOTE: This vu… |
|
HIGH | 8.8 |
| CVE-2023-6568 | 62994 |
mlflow 2.9.2 addresses a vulnerability that allows an attacker to inj… |
|
MEDIUM | 6.1 |
| CVE-2023-6018 | 62992 |
MLflow version 2.9.0 addresses a vulnerability that previously allowe… |
|
CRITICAL | 9.8 |
| CVE-2023-6015 | 62990 |
MLflow 2.8.1 includes a fix for CVE-2023-6015: Mlflow allowed arbitra… |
|
HIGH | 7.5 |
| CVE-2023-43472 | 62993 |
An issue in MLFlow versions 2.8.1 and before allows a remote attacker… |
|
HIGH | 7.5 |
| CVE-2023-6014 | 62991 |
MLflow version 2.8.0 addresses a vulnerability that previously allowe… |
|
CRITICAL | 9.8 |
| CVE-2023-4033 | 60599 |
Mlflow 2.6.0 includes a fix for a Command Injection vulnerability. h… |
|
HIGH | 7.8 |
| CVE-2023-3765 | 60598 |
Mlflow 2.6.0 includes a fix for CVE-2023-3765: Multiple path traversa… |
|
CRITICAL | 10.0 |
| PVE-2023-58982 | 58982 |
Mlflow 2.4.1 includes a fix for a local file inclusion vulnerability.… |
|
HIDDEN | X.Y |
| CVE-2023-2356 | 60592 |
Mlflow 2.3.1 includes a fix for a Relative Path Traversal vulnerabili… |
|
HIGH | 7.5 |
| PVE-2023-58929 | 58929 |
Mlflow 2.3.1 includes a fix for LFI vulnerability by disabling the ab… |
|
- | - |
| CVE-2023-2780 | 60590 |
Mlflow 2.3.0 includes a fix for a Path Traversal vulnerability. http… |
|
CRITICAL | 9.8 |
| CVE-2023-1177 | 55009 |
Mlflow 2.2.1 includes a fix for CVE-2023-1177: Path Traversal: '\..\f… |
|
CRITICAL | 9.8 |
| CVE-2023-1176 | 55010 |
Mlflow 2.2.1 includes a fix for CVE-2023-1176: Remote file existence … |
|
LOW | 3.3 |
| CVE-2024-1135 | 70904 |
Mlflow version 2.12.2 updates its gunicorn dependency to version 22 t… |
|
- | - |
| PVE-2024-67933 | 67933 |
Mlflow 2.12.0 has implemented a security patch to address a critical … |
|
- | - |
| CVE-2024-22300 | 68486 |
Insufficient sanitization in MLflow leads to XSS when running a recip… |
|
- | - |
| CVE-2023-49815 | 68487 |
Insufficient sanitization in MLflow leads to XSS when running an untr… |
|
- | - |
| CVE-2023-30172 | 60591 |
Mlflow 2.0.0rc0 includes a fix for a Directory Traversal vulnerabilit… |
|
HIGH | 7.5 |
| CVE-2023-6977 | 65222 |
This vulnerability enables malicious users to read sensitive files on… |
|
HIGH | 7.5 |
| CVE-2023-6909 | 65217 |
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow pri… |
|
HIGH | 7.5 |
| CVE-2023-6974 | 65219 |
A malicious user could use this issue to access internal HTTP(s) serv… |
|
CRITICAL | 9.8 |
| CVE-2023-6940 | 65218 |
with only one user interaction(download a malicious config), attacker… |
|
HIGH | 8.8 |
| CVE-2023-6975 | 65220 |
A malicious user could use this issue to get command execution on the… |
|
CRITICAL | 9.8 |
| CVE-2023-6976 | 65221 |
This vulnerability is capable of writing arbitrary files into arbitra… |
|
HIGH | 8.8 |
| CVE-2023-6831 | 65216 |
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow pri… |
|
HIGH | 8.1 |
| CVE-2022-0736 | 54175 |
Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1… |
|
HIGH | 7.5 |