Vulnerability Information
Vulnerability Title
Path Traversal via Parameter Smuggling in mlflow/mlflow
Vulnerability Description
A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. This vulnerability allows for arbitrary data smuggling into the 'params' part of the URL, enabling attacks similar to those described in previous reports but utilizing the ';' character for parameter smuggling. Successful exploitation could lead to unauthorized information disclosure or server compromise.
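The following added example (not code from mlflow or from this advisory) shows the general parsing behaviour the description refers to: Python's `urllib.parse.urlparse()` moves everything after a ';' in the last path segment into a separate `params` field, so a check that looks only at `path` never sees data placed there. That mlflow's affected code relies on this exact call is an assumption; the URLs and function names are constructed for illustration.

```python
from urllib.parse import urlparse, urlsplit, unquote

# Constructed sample URLs (not taken from the advisory).
BENIGN = "http://example.invalid/artifacts/model"
SMUGGLED = "http://example.invalid/artifacts/model;..%2f..%2fsecret"


def split_fields(url: str) -> tuple[str, str]:
    """Return the (path, params) pair exactly as urlparse() reports it."""
    parsed = urlparse(url)
    return parsed.path, parsed.params


def naive_is_safe(url: str) -> bool:
    """Flawed check: inspects only the .path field returned by urlparse()."""
    path, _params = split_fields(url)
    # Everything after ';' has already been moved into .params, so a
    # traversal sequence placed there is never examined by this check.
    return ".." not in unquote(path).split("/")


def strict_is_safe(url: str) -> bool:
    """Stricter check: validate the whole decoded path, ';' data included."""
    # urlsplit() does not separate params, so .path still contains the
    # ';' portion and nothing is hidden from the validation below.
    decoded = unquote(urlsplit(url).path)
    # Reject path parameters and backslashes outright (hypothetical policy
    # for an endpoint that has no legitimate use for either).
    if ";" in decoded or "\\" in decoded:
        return False
    return ".." not in decoded.split("/")


if __name__ == "__main__":
    for url in (BENIGN, SMUGGLED):
        print(url, split_fields(url), naive_is_safe(url), strict_is_safe(url))
```

The strict variant decodes only once; a service that decodes the path again later in the request pipeline needs to run the same check after the final decode.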
CVSS Information
N/A
Vulnerability Type
Improper Limitation of a Pathname (Path Traversal)
Vulnerability Title
Mlflow Path Traversal Vulnerability
Vulnerability Description
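Mlflow is an open-source platform for the machine learning lifecycle. Mlflow contains a path traversal vulnerability that stems from improper handling of URL parameters. Attackers can exploit this vulnerability to gain access to files or directories.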
CVSS Information
N/A
Vulnerability Type
N/A