CVE-2023-6977: Path Traversal: '\..\filename'

December 20, 2023

This vulnerability enables malicious users to read sensitive files on the server.

References

github.com/advisories/GHSA-qg8p-32gr-gh6x
github.com/mlflow/mlflow/commit/4bd7f27c810ba7487d53ed5ef1038fca0f8dc28c
huntr.com/bounties/fe53bf71-3687-4711-90df-c26172880aaf
nvd.nist.gov/vuln/detail/CVE-2023-6977

Detect and mitigate CVE-2023-6977 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →