Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Local File Read via Path Traversal in mlflow/mlflow
Vulnerability Description
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the `artifact_location` parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component `#` in the artifact location URI to read arbitrary files on the server in the context of the server's process. This issue is similar to CVE-2023-6909 but utilizes a different component of the URI to achieve the same effect.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Mlflow 路径遍历漏洞
Vulnerability Description
Mlflow是一个机器学习生命周期的开源平台。 Mlflow 2.9.2版本存在路径遍历漏洞,攻击者利用该漏洞可以在服务器进程的上下文中读取任意文件。
CVSS Information
N/A
Vulnerability Type
N/A