CVE-2023-6976: Unrestricted Upload of File with Dangerous Type

December 20, 2023

This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process.

References

github.com/advisories/GHSA-wv8q-4f85-2p8p
github.com/mlflow/mlflow/commit/5044878da0c1851ccfdd5c0a867157ed9a502fbc
huntr.com/bounties/2408a52b-f05b-4cac-9765-4f74bac3f20f
nvd.nist.gov/vuln/detail/CVE-2023-6976

Detect and mitigate CVE-2023-6976 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →