CVE-2023-6831: Path Traversal: '\..\filename'

December 15, 2023

Path Traversal: ‘..\filename’ in GitHub repository mlflow/mlflow prior to 2.9.2.

References

github.com/advisories/GHSA-554w-xh4j-8w64
github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1
huntr.com/bounties/0acdd745-0167-4912-9d5c-02035fe5b314
nvd.nist.gov/vuln/detail/CVE-2023-6831

Detect and mitigate CVE-2023-6831 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →