CVE-2023-2780: mlflow Path Traversal vulnerability
mlflow prior to 2.3.0 is vulnerable to path traversal due to a bypass of the fix for CVE-2023-1177.
References
- github.com/advisories/GHSA-wjq3-7jxx-whj9
- github.com/mlflow/mlflow
- github.com/mlflow/mlflow/commit/fae77a525dd908c56d6204a4cef1c1c75b4e9857
- github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-69.yaml
- huntr.dev/bounties/b12b0073-0bb0-4bd1-8fc2-ec7f17fd7689
- nvd.nist.gov/vuln/detail/CVE-2023-2780
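
A check for the affected range stated above, as an added example that is not part of the advisory or the mlflow project: it reads requirements-style lines and classifies each `mlflow` entry against 2.3.0. The sample file, the function names and the `review` verdict for anything that is not an exact numeric pin or a safe lower bound are assumptions of this example.

```python
import re

FIXED = (2, 3, 0)  # first fixed release according to the advisory text
REQ = re.compile(r"^([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*(.*)$")
SPEC = re.compile(r"(==|>=|<=|~=|!=|>|<)\s*([^\s,;]+)")

# Constructed requirements file for the demonstration.
SAMPLE = """\
# training service
numpy==1.24.2
mlflow==2.2.2
MLflow[extras] == 2.3.0   # patched
mlflow>=2.1
mlflow>=2.3.0,<3
mlflow==2.3.0rc1
mlflow-plugin-example==0.1
"""

def parse_version(text):
    """Return a comparable tuple, or None for anything not purely numeric."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(line):
    """None: not mlflow. Otherwise 'vulnerable', 'ok' or 'review'."""
    line = line.split("#", 1)[0].split(";", 1)[0].strip()
    m = REQ.match(line)
    if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != "mlflow":
        return None
    specs = [(op, parse_version(v)) for op, v in SPEC.findall(m.group(2))]
    if any(v is None for _, v in specs):
        return "review"      # pre-release, wildcard or other non-numeric form
    for op, v in specs:
        if op == "==":
            return "vulnerable" if v < FIXED else "ok"
    if any(op in (">=", ">", "~=") and v >= FIXED for op, v in specs):
        return "ok"          # lower bound already excludes every affected release
    return "review"          # unpinned, or a range that still admits < 2.3.0

def scan(text):
    """Return (line_number, verdict) for every mlflow requirement in text."""
    verdicts = ((n, classify(l)) for n, l in enumerate(text.splitlines(), 1))
    return [(n, v) for n, v in verdicts if v]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A `review` verdict means the requirement line alone does not decide the question; the resolved version in the lockfile or the installed environment does.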