Safety vulnerability ID: 71588
The information on this page was manually curated by our Cybersecurity Intelligence Team.
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the `_delete_artifact_mlflow_artifacts` handler and `local_file_uri_to_path` function, allowing for the deletion of arbitrary directories on the server's filesystem. This vulnerability is due to an extra unquote operation in the `delete_artifacts` function of `local_artifact_repo.py`, which fails to sanitize user-supplied paths properly. The issue is present on affected versions, despite attempts to fix a similar issue in CVE-2023-6831.
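The double-decoding flaw described above, shown as an added example that is not MLflow's code: a path check that runs after one percent-decode is undone by a second decode before use, while decoding once and using the validated string unchanged keeps the path under the root. The function names, `ARTIFACT_ROOT` and the sample input are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

ARTIFACT_ROOT = "/srv/mlartifacts"  # constructed root directory (assumption)


def validate_path(path: str) -> None:
    """Reject absolute paths and '..' segments in the string as received."""
    if posixpath.isabs(path) or ".." in path.split("/"):
        raise ValueError(f"invalid artifact path: {path!r}")


def is_contained(target: str) -> bool:
    """True when target is the root itself or lies beneath it."""
    return target == ARTIFACT_ROOT or target.startswith(ARTIFACT_ROOT + "/")


def resolve_double_decode(raw: str) -> str:
    """Flawed order: validate after one decode, then decode again before use."""
    once = unquote(raw)      # decode performed at the request layer
    validate_path(once)      # sees '%2E%2E', which is not a '..' segment
    twice = unquote(once)    # extra decode in the storage layer
    return posixpath.normpath(posixpath.join(ARTIFACT_ROOT, twice))


def resolve_single_decode(raw: str) -> str:
    """Decode once, validate that exact string, use it unchanged, check containment."""
    once = unquote(raw)
    validate_path(once)
    target = posixpath.normpath(posixpath.join(ARTIFACT_ROOT, once))
    if not is_contained(target):
        raise ValueError(f"path escapes artifact root: {raw!r}")
    return target


# Constructed input: '..' percent-encoded twice ('%25' decodes to '%').
SAMPLE = "%252E%252E/%252E%252E/other-data"

if __name__ == "__main__":
    print(resolve_double_decode(SAMPLE))   # resolves outside ARTIFACT_ROOT
    print(resolve_single_decode(SAMPLE))   # stays a literal name under the root
```

The containment check on the final resolved path is the backstop: it holds even if a later change reintroduces a decode step between validation and use.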
Latest version: 2.19.0
MLflow is an open source platform for the complete machine learning lifecycle.