# Vulnerability record for CVE-2023-6909: path traversal in MLflow before 2.9.2.
# Consumed by a version-matching scanner (see `rule`); keys are part of the
# record schema and must not be renamed.
info:
  name: mlflow
  cve: CVE-2023-6909
  summary: MLflow Path Traversal Vulnerability
  # Literal block scalar: no escape processing, so the doubled backslashes in
  # '\\..\\filename' are stored exactly as written. This mirrors the NVD
  # wording; whether the payload is a single- or double-backslash sequence is
  # not shown here — confirm against the huntr report before reusing the string
  # in a detection signature.
  details: |
    Path Traversal vulnerability in GitHub repository mlflow/mlflow prior to version 2.9.2 allows attackers to traverse directories using '\\..\\filename'.
  # AV:N/PR:N/UI:N with C:H, I:N, A:N: reachable over the network without
  # credentials or user interaction, confidentiality impact only (base score
  # 7.5). Consistent with an unauthenticated file-read primitive rather than a
  # write/RCE primitive — verify scope against the advisory.
  cvss: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  severity: HIGH
  # NOTE(review): the vector above implies that an exposed tracking server is
  # exploitable by any network peer; until the upgrade lands, the practical
  # interim control is to keep the server off untrusted networks / behind
  # authentication, which this generic advice does not spell out.
  security_advise: |
    1. Upgrade to mlflow version 2.9.2 or higher.
    2. Review and update file handling logic to prevent path traversal attacks.
    3. Regularly update dependencies and conduct security audits.
# Matching rule evaluated by the scanner. The whole expression is one plain
# scalar; the inner quotes belong to the value. How versions are compared
# (semver vs. lexical, handling of pre-release tags such as 2.9.2rc0) is
# decided by the consuming tool and is not visible in this file.
rule: version < "2.9.2"
references:
  - https://nvd.nist.gov/vuln/detail/CVE-2023-6909
  # Presumably the upstream fix commit; confirm it is included in the 2.9.2 tag.
  - https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1
  - https://github.com/mlflow/mlflow
  - https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-252.yaml
  # Original bounty report (source of the '\\..\\filename' payload description).
  - https://huntr.com/bounties/11209efb-0f84-482f-add0-587ea6b7e850