CVE-2023-2356: Relative path traversal in mlflow
(updated )
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.
References
- github.com/advisories/GHSA-x422-6qhv-p29g
- github.com/mlflow/mlflow
- github.com/mlflow/mlflow/commit/f73147496e05c09a8b83d95fb4f1bf86696c6342
- github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-68.yaml
- huntr.dev/bounties/7b5d130d-38eb-4133-8c7d-0dfc9a9d9896
- nvd.nist.gov/vuln/detail/CVE-2023-2356
Detect and mitigate CVE-2023-2356 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →