PT-2024-18156 · Mlflow · Mlflow

Published: 2024-04-15 · Updated: 2025-02-04 · CVE-2024-1593

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

mlflow/mlflow (affected versions not specified)

Description

A path traversal issue exists due to improper handling of URL parameters. Attackers can manipulate the 'params' portion of the URL by smuggling path traversal sequences using the ';' character, allowing unauthorized access to files or directories. This enables arbitrary data smuggling into the 'params' part of the URL, leading to potential unauthorized information disclosure or server compromise.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
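
The description above turns on the 'params' component that follows ';' in a URL. The following added example (not MLflow's code and not part of this advisory) assumes the URI is parsed with Python's `urllib.parse.urlparse` and shows why a validator that inspects only the path misses traversal sequences placed in 'params'. The function names, host and paths are hypothetical.

```python
from urllib.parse import unquote, urlparse


def has_traversal(component: str) -> bool:
    """True if any '/'-separated segment is '..' after full percent-decoding."""
    previous = None
    while previous != component:  # decode repeatedly to defeat double encoding
        previous, component = component, unquote(component)
    return ".." in component.replace("\\", "/").split("/")


def path_only_check(uri: str) -> bool:
    """Weak form: inspects only .path, so text after ';' is never examined."""
    return not has_traversal(urlparse(uri).path)


def all_components_check(uri: str) -> bool:
    """Hardened form: rejects any ';params' and checks path and query too."""
    parsed = urlparse(uri)
    if parsed.params:
        return False
    return not (has_traversal(parsed.path) or has_traversal(parsed.query))


# Constructed sample URIs (hypothetical host and paths, for illustration only).
SAMPLES = [
    "http://tracking.example/artifacts/model.pkl",
    "http://tracking.example/artifacts/model;..%2F..%2Fconf",
    "http://tracking.example/artifacts/../conf",
]


def report():
    """Return (path, params, weak verdict, hardened verdict) for each sample."""
    rows = []
    for uri in SAMPLES:
        parsed = urlparse(uri)
        rows.append((parsed.path, parsed.params,
                     path_only_check(uri), all_components_check(uri)))
    return rows


if __name__ == "__main__":
    for row in report():
        print(row)
```

`urlparse` splits 'params' only from the last path segment, so a validator should either reject 'params' outright, as here, or validate the reassembled string that is actually used to build the file path.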

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

BIT-MLFLOW-2024-1593
CVE-2024-1593
GHSA-F42M-MVFV-CGW5

Affected Products

Mlflow