Y4Ppiefluo

**Name of the Vulnerable Software and Affected Versions** mlflow versions prior to 2.0.1 **Description** A directory traversal issue in the "/get-artifact" API method allows attackers to read arbitrary files on the server via the `path` parameter. **Recommendations** For versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/get-artifact" API endpoint until a patch is available. Avoid using the `path` parameter in the affected API endpoint until the issue is resolved.