mlflow 2.11.2 vulnerabilities

Known vulnerabilities in the mlflow package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Missing Input Length Validation mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Missing Input Length Validation in the `experiment_name` - passed to the `run_name()` function - and `artifact_location` parameters. An attacker can cause the UI panel to become unresponsive by passing in an experiment name including a large number of integers. How to fix Missing Input Length Validation? There is no fixed version for `mlflow`.	[0,)
H Allocation of Resources Without Limits or Throttling mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in `handlers.py`, which is exploitable over the `/graphql` endpoint. An attacker can occupy all available workers and make the server unresponsive to other connections by sending large batches of GraphQL queries that repeatedly request all runs from a given experiment and stay in a pending state. Experiments configured to have a large number of runs are vulnerable. How to fix Allocation of Resources Without Limits or Throttling? There is no fixed version for `mlflow`.	[0,)
M Weak Password Requirements mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Weak Password Requirements due to the lack of enforcement on password creation during new user account setup. An attacker can gain unauthorized access to the system by exploiting accounts created without passwords. How to fix Weak Password Requirements? Upgrade `mlflow` to version 2.19.0rc0 or higher.	[,2.19.0rc0)
M Cross-site Request Forgery (CSRF) mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the `Signup` feature. An attacker can create a new account, which may be used to perform unauthorized actions on behalf of the malicious user. How to fix Cross-site Request Forgery (CSRF)? Upgrade `mlflow` to version 2.20.2 or higher.	[,2.20.2)
H Relative Path Traversal mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Relative Path Traversal in the `_validate_non_local_source_contains_relative_paths()` function. An application is vulnerable when the `dbfs` service is configured and mounted to a local directory rather than Databricks. An attacker can read arbitrary files by manipulating the URL used in the `file:` protocol, which fails to properly sanitize input beyond the path, such as query and parameters. How to fix Relative Path Traversal? Upgrade `mlflow` to version 2.17.0rc0 or higher.	[,2.17.0rc0)
H Time-of-check Time-of-use (TOCTOU) Race Condition mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition due to excessive directory permissions when the `spark_udf()` MLflow API is called. An attacker can gain elevated permissions by exploiting this vulnerability. How to fix Time-of-check Time-of-use (TOCTOU) Race Condition? Upgrade `mlflow` to version 2.16.0 or higher.	[,2.16.0)
H Arbitrary Code Injection mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Arbitrary Code Injection due to the autologin method that allows injection of the MLflow callback into the user's callback list. This can lead to failures of `predict_stream`, `ainvoke`, `astream`, and `abatch` calls when configurations are specified. How to fix Arbitrary Code Injection? Upgrade `mlflow` to version 2.15.0 or higher.	[,2.15.0)
M Undefined Behavior mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Undefined Behavior due to inadequate validation of model names. An attacker can disrupt service or poison data models by creating multiple entries under the same name, exploiting URL encoding differences. How to fix Undefined Behavior? Upgrade `mlflow` to version 2.11.3 or higher.	[,2.11.3)
H Improper Access Control mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Improper Access Control through the URI fragment parsing process. An attacker can read arbitrary files on the local file system by manipulating the fragment part of the URI to include directory traversal sequences such as `../`. How to fix Improper Access Control? Upgrade `mlflow` to version 2.11.3 or higher.	[,2.11.3)
H Deserialization of Untrusted Data mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the `load` function in the `BaseCard` class within the `recipes/cards/__init__.py` file. An attacker can execute arbitrary code on the target system by creating an MLProject Recipe containing a malicious pickle file (e.g. `pickle.pkl`) and a python script that calls `BaseCard.load(pickle.pkl)`. The pickle file will be deserialized when the project is run. Note: If you are not running MLflow on a publicly accessible server, this vulnerability won't apply to you. How to fix Deserialization of Untrusted Data? There is no fixed version for `mlflow`.	[1.27.0,)
H Deserialization of Untrusted Data mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the `_load_model` function in the `mlflow/pytorch/__init__.py` file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded. How to fix Deserialization of Untrusted Data? There is no fixed version for `mlflow`.	[0.5.0,)
H Improper Control of Generation of Code ('Code Injection') mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection') via the `_run_entry_point` function in the `projects/backend/local.py` file. An attacker can execute arbitrary code on the victim's system by submitting a maliciously crafted MLproject file. How to fix Improper Control of Generation of Code ('Code Injection')? There is no fixed version for `mlflow`.	[1.11.0,)
H Deserialization of Untrusted Data mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the `_load_from_pickle` function in the `mlflow/langchain/utils.py` file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded. How to fix Deserialization of Untrusted Data? There is no fixed version for `mlflow`.	[2.5.0,)
H Deserialization of Untrusted Data mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the `_load_custom_objects` function in the `mlflow/tensorflow/__init__.py` file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded. How to fix Deserialization of Untrusted Data? There is no fixed version for `mlflow`.	[2.0.0rc0,)
H Deserialization of Untrusted Data mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the `_load_model` function in the `mlflow/lightgbm/__init__.py` file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded. How to fix Deserialization of Untrusted Data? There is no fixed version for `mlflow`.	[1.23.0,)
H Deserialization of Untrusted Data mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the `_load_model` function in the `pmdarima/__init__.py` file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded. How to fix Deserialization of Untrusted Data? There is no fixed version for `mlflow`.	[1.24.0,)
H Deserialization of Untrusted Data mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the `_load_model_from_local_file` function in the `sklearn/__init__.py` file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model, which will then be deserialized when the model is loaded. How to fix Deserialization of Untrusted Data? There is no fixed version for `mlflow`.	[1.1.0,)
H Deserialization of Untrusted Data mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the `_load_pyfunc` function in the `mlflow/pyfunc/model.py` file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded. How to fix Deserialization of Untrusted Data? There is no fixed version for `mlflow`.	[0.9.0,)
M Improper Access Control mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Improper Access Control due to improper validation for `DELETE` requests for `EDIT` user permission. A low privilege attacker can delete artefacts without permission. How to fix Improper Access Control? Upgrade `mlflow` to version 2.12.1 or higher.	[,2.12.1)
H Path Traversal mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Path Traversal due to improper validation of the `source` parameter within the `_create_model_version` function. An attacker can gain arbitrary file read access on the server by crafting a `source` parameter that bypasses the `_validate_non_local_source_contains_relative_paths(source)` function's checks. This issue stems from the handling of unquoted URL characters and the misuse of the original `source` value for model version creation, leading to the exposure of sensitive files when interacting with the `/model-versions/get-artifact` handler. How to fix Path Traversal? Upgrade `mlflow` to version 2.12.1 or higher.	[,2.12.1)
H Path Traversal mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Path Traversal due to improper sanitization of user-supplied paths in the artifact deletion functionality. An attacker can delete arbitrary directories on the server's filesystem by exploiting the double decoding process in the `_delete_artifact_mlflow_artifacts` handler and `local_file_uri_to_path` function. This vulnerability arises from an additional unquote operation in the `delete_artifacts` function of `local_artifact_repo.py`, which fails to adequately prevent path traversal sequences. How to fix Path Traversal? There is no fixed version for `mlflow`.	[0,)
H Path Traversal mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Path Traversal due to insufficient validation of user-supplied input in the server's handlers. An attacker can access arbitrary files on the server by crafting a series of HTTP POST requests with specially crafted `artifact_location` and `source` parameters, using a local URI with the `#` component. Note: This vulnerability is similar to CVE-2023-6909 but utilizes a different component of the URI to achieve the same effect. How to fix Path Traversal? Upgrade `mlflow` to version 2.11.3 or higher.	[,2.11.3)
H Path Traversal mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Path Traversal due to improper handling of URL parameters. By smuggling path traversal sequences using the `;` character in URLs, attackers can manipulate the `params` portion of the URL to gain unauthorized access to files or directories. How to fix Path Traversal? Upgrade `mlflow` to version 2.11.3 or higher.	[,2.11.3)
H Path Traversal mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Path Traversal due to the handling of the `artifact_location` parameter when creating an experiment. An attacker can read arbitrary files on the server in the context of the server's process by using a fragment component `#` in the artifact location URI. Note: This vulnerability is similar to CVE-2023-6909 but utilizes a different component of the URI to achieve the same effect. How to fix Path Traversal? Upgrade `mlflow` to version 2.11.3, 2.12.1 or higher.	[,2.11.3)[2.12.0,2.12.1)

Vulnerability

Vulnerable Version

Missing Input Length Validation

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Missing Input Length Validation in the experiment_name - passed to the run_name() function - and artifact_location parameters. An attacker can cause the UI panel to become unresponsive by passing in an experiment name including a large number of integers.

How to fix Missing Input Length Validation?

There is no fixed version for mlflow.

[0,)

Allocation of Resources Without Limits or Throttling

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in handlers.py, which is exploitable over the /graphql endpoint. An attacker can occupy all available workers and make the server unresponsive to other connections by sending large batches of GraphQL queries that repeatedly request all runs from a given experiment and stay in a pending state. Experiments configured to have a large number of runs are vulnerable.

How to fix Allocation of Resources Without Limits or Throttling?

There is no fixed version for mlflow.

[0,)

Weak Password Requirements

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Weak Password Requirements due to the lack of enforcement on password creation during new user account setup. An attacker can gain unauthorized access to the system by exploiting accounts created without passwords.

How to fix Weak Password Requirements?

Upgrade mlflow to version 2.19.0rc0 or higher.

[,2.19.0rc0)

Cross-site Request Forgery (CSRF)

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the Signup feature. An attacker can create a new account, which may be used to perform unauthorized actions on behalf of the malicious user.

How to fix Cross-site Request Forgery (CSRF)?

Upgrade mlflow to version 2.20.2 or higher.

[,2.20.2)

Relative Path Traversal

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Relative Path Traversal in the _validate_non_local_source_contains_relative_paths() function. An application is vulnerable when the dbfs service is configured and mounted to a local directory rather than Databricks. An attacker can read arbitrary files by manipulating the URL used in the file: protocol, which fails to properly sanitize input beyond the path, such as query and parameters.

How to fix Relative Path Traversal?

Upgrade mlflow to version 2.17.0rc0 or higher.

[,2.17.0rc0)

Time-of-check Time-of-use (TOCTOU) Race Condition

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition due to excessive directory permissions when the spark_udf() MLflow API is called. An attacker can gain elevated permissions by exploiting this vulnerability.

How to fix Time-of-check Time-of-use (TOCTOU) Race Condition?

Upgrade mlflow to version 2.16.0 or higher.

[,2.16.0)

Arbitrary Code Injection

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Arbitrary Code Injection due to the autologin method that allows injection of the MLflow callback into the user's callback list. This can lead to failures of predict_stream, ainvoke, astream, and abatch calls when configurations are specified.

How to fix Arbitrary Code Injection?

Upgrade mlflow to version 2.15.0 or higher.

[,2.15.0)

Undefined Behavior

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Undefined Behavior due to inadequate validation of model names. An attacker can disrupt service or poison data models by creating multiple entries under the same name, exploiting URL encoding differences.

How to fix Undefined Behavior?

Upgrade mlflow to version 2.11.3 or higher.

[,2.11.3)

Improper Access Control

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Improper Access Control through the URI fragment parsing process. An attacker can read arbitrary files on the local file system by manipulating the fragment part of the URI to include directory traversal sequences such as ../.

How to fix Improper Access Control?

Upgrade mlflow to version 2.11.3 or higher.

[,2.11.3)

Deserialization of Untrusted Data

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the load function in the BaseCard class within the recipes/cards/__init__.py file. An attacker can execute arbitrary code on the target system by creating an MLProject Recipe containing a malicious pickle file (e.g. pickle.pkl) and a python script that calls BaseCard.load(pickle.pkl). The pickle file will be deserialized when the project is run.

Note:

If you are not running MLflow on a publicly accessible server, this vulnerability won't apply to you.

How to fix Deserialization of Untrusted Data?

There is no fixed version for mlflow.

[1.27.0,)

Deserialization of Untrusted Data

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the _load_model function in the mlflow/pytorch/__init__.py file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded.

How to fix Deserialization of Untrusted Data?

There is no fixed version for mlflow.

[0.5.0,)

Improper Control of Generation of Code ('Code Injection')

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection') via the _run_entry_point function in the projects/backend/local.py file. An attacker can execute arbitrary code on the victim's system by submitting a maliciously crafted MLproject file.

How to fix Improper Control of Generation of Code ('Code Injection')?

There is no fixed version for mlflow.

[1.11.0,)

Deserialization of Untrusted Data

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the _load_from_pickle function in the mlflow/langchain/utils.py file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded.

How to fix Deserialization of Untrusted Data?

There is no fixed version for mlflow.

[2.5.0,)

Deserialization of Untrusted Data

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the _load_custom_objects function in the mlflow/tensorflow/__init__.py file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded.

How to fix Deserialization of Untrusted Data?

There is no fixed version for mlflow.

[2.0.0rc0,)

Deserialization of Untrusted Data

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the _load_model function in the mlflow/lightgbm/__init__.py file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded.

How to fix Deserialization of Untrusted Data?

There is no fixed version for mlflow.

[1.23.0,)

Deserialization of Untrusted Data

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the _load_model function in the pmdarima/__init__.py file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded.

How to fix Deserialization of Untrusted Data?

There is no fixed version for mlflow.

[1.24.0,)

Deserialization of Untrusted Data

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the _load_model_from_local_file function in the sklearn/__init__.py file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model, which will then be deserialized when the model is loaded.

How to fix Deserialization of Untrusted Data?

There is no fixed version for mlflow.

[1.1.0,)

Deserialization of Untrusted Data

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the _load_pyfunc function in the mlflow/pyfunc/model.py file. An attacker can execute arbitrary code on the victim's system by injecting a malicious pickle object into a PyFunc model which will then be deserialized when the model is loaded.

How to fix Deserialization of Untrusted Data?

There is no fixed version for mlflow.

[0.9.0,)

Improper Access Control

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Improper Access Control due to improper validation for DELETE requests for EDIT user permission. A low privilege attacker can delete artefacts without permission.

How to fix Improper Access Control?

Upgrade mlflow to version 2.12.1 or higher.

[,2.12.1)

Path Traversal

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Path Traversal due to improper validation of the source parameter within the _create_model_version function. An attacker can gain arbitrary file read access on the server by crafting a source parameter that bypasses the _validate_non_local_source_contains_relative_paths(source) function's checks. This issue stems from the handling of unquoted URL characters and the misuse of the original source value for model version creation, leading to the exposure of sensitive files when interacting with the /model-versions/get-artifact handler.

How to fix Path Traversal?

Upgrade mlflow to version 2.12.1 or higher.

[,2.12.1)

Path Traversal

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Path Traversal due to improper sanitization of user-supplied paths in the artifact deletion functionality. An attacker can delete arbitrary directories on the server's filesystem by exploiting the double decoding process in the _delete_artifact_mlflow_artifacts handler and local_file_uri_to_path function. This vulnerability arises from an additional unquote operation in the delete_artifacts function of local_artifact_repo.py, which fails to adequately prevent path traversal sequences.

How to fix Path Traversal?

There is no fixed version for mlflow.

[0,)

Path Traversal

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Path Traversal due to insufficient validation of user-supplied input in the server's handlers. An attacker can access arbitrary files on the server by crafting a series of HTTP POST requests with specially crafted artifact_location and source parameters, using a local URI with the # component.

Note:

This vulnerability is similar to CVE-2023-6909 but utilizes a different component of the URI to achieve the same effect.

How to fix Path Traversal?

Upgrade mlflow to version 2.11.3 or higher.

[,2.11.3)

Path Traversal

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Path Traversal due to improper handling of URL parameters. By smuggling path traversal sequences using the ; character in URLs, attackers can manipulate the params portion of the URL to gain unauthorized access to files or directories.

How to fix Path Traversal?

Upgrade mlflow to version 2.11.3 or higher.

[,2.11.3)

Path Traversal

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Path Traversal due to the handling of the artifact_location parameter when creating an experiment. An attacker can read arbitrary files on the server in the context of the server's process by using a fragment component # in the artifact location URI.

Note:

This vulnerability is similar to CVE-2023-6909 but utilizes a different component of the URI to achieve the same effect.

How to fix Path Traversal?

Upgrade mlflow to version 2.11.3, 2.12.1 or higher.

[,2.11.3)[2.12.0,2.12.1)

mlflow@2.11.2 vulnerabilities

MLflow is an open source platform for the complete machine learning lifecycle

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities

How to fix?