B-Step62

#16082of 53,624
16.8Total CVSS
Vulnerabilities · 2
High
2
PT-2023-32817
8.7
2023-12-18
Mlflow · Mlflow · CVE-2023-6909
**Name of the Vulnerable Software and Affected Versions** mlflow versions prior to 2.9.2 **Description** The issue concerns a path traversal vulnerability. It involves the use of '..filename' in the GitHub repository mlflow/mlflow. **Recommendations** For versions prior to 2.9.2, update to version 2.9.2 or later to resolve the issue.
PT-2023-32782
8.1
2023-12-14
Mlflow · Mlflow · CVE-2023-6831
**Name of the Vulnerable Software and Affected Versions** mlflow/mlflow versions prior to 2.9.2 **Description** The issue is related to a Path Traversal vulnerability, where the sequence '..filename' can be used to access files outside the intended directory. This vulnerability is present in the mlflow/mlflow GitHub repository. **Recommendations** For versions prior to 2.9.2, update to version 2.9.2 or later to resolve the issue.