Vulnerability Information
Vulnerability Title
Path Traversal Vulnerability in mlflow/mlflow
Vulnerability Description
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the `_delete_artifact_mlflow_artifacts` handler and `local_file_uri_to_path` function, allowing for the deletion of arbitrary directories on the server's filesystem. This vulnerability is due to an extra unquote operation in the `delete_artifacts` function of `local_artifact_repo.py`, which fails to properly sanitize user-supplied paths. The issue is present up to version 2.9.2, despite attempts to fix a similar issue in CVE-2023-6831.
CVSS Information
N/A
Vulnerability Type
Improper Limitation of a Pathname (Path Traversal)
Vulnerability Title
Mlflow Path Traversal Vulnerability
Vulnerability Description
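Mlflow is an open-source platform for the machine learning lifecycle. Mlflow version 2.9.2 has a path traversal vulnerability that stems from a failure to properly sanitize user-supplied paths, allowing attackers to delete arbitrary directories on the server's filesystem.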
CVSS Information
N/A
Vulnerability Type
N/A
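The double-decoding failure in the description above, shown as an added example that is not MLflow's code: a check that runs before a later unquote step validates a different string from the one that reaches the filesystem. All function names, the sample paths and the `/srv/artifacts` root are constructed for illustration; `safe_resolve` is one way to close the gap, by validating the fully decoded form and confirming containment after resolution.

```python
from pathlib import Path
from urllib.parse import unquote


class UnsafePath(ValueError):
    """Raised when a user-supplied artifact path fails validation."""


def naive_validate(path: str) -> str:
    """Hypothetical check on the path as received (already decoded once)."""
    if path.startswith("/") or ".." in path.split("/"):
        raise UnsafePath(path)
    return path


def later_stage(path: str) -> str:
    """Stand-in for a downstream helper that unquotes one more time."""
    return unquote(path)


def fully_decode(path: str, max_rounds: int = 5) -> str:
    """Decode until stable, so validation sees what any later unquote yields."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            return path
        path = decoded
    raise UnsafePath("too many encoding layers")


def safe_resolve(root: str, user_path: str) -> Path:
    """Validate the final decoded form, then require it to sit below root."""
    decoded = fully_decode(user_path)
    if "\x00" in decoded:
        raise UnsafePath(user_path)
    root_p = Path(root).resolve()
    # An absolute `decoded` replaces root_p here and fails the check below.
    target = (root_p / decoded).resolve()
    # Assumption: the root itself is never a valid deletion target.
    if target == root_p or root_p not in target.parents:
        raise UnsafePath(user_path)
    return target


# Constructed sample: what the validator sees after the web layer's first decode.
SAMPLE = "%2e%2e/%2e%2e/outside"
```

`later_stage(naive_validate(SAMPLE))` returns a path containing `..` segments even though validation passed, while `safe_resolve("/srv/artifacts", SAMPLE)` raises `UnsafePath`.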