CVE-2023-4033: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

August 1, 2023 (updated August 13, 2023)

OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.

References

github.com/advisories/GHSA-ffw3-6378-cqgp
github.com/mlflow/mlflow/commit/6dde93758d42455cb90ef324407919ed67668b9b
huntr.dev/bounties/5312d6f8-67a5-4607-bd47-5e19966fa321
nvd.nist.gov/vuln/detail/CVE-2023-4033

Detect and mitigate CVE-2023-4033 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →