Vulnerability	Vulnerable Version
M Directory Traversal mlrun is a Tracking and config of machine learning runs Affected versions of this package are vulnerable to Directory Traversal in the `_get_log_size_legacy()` function in `api/crud/logs.py`. This allows attackers to access locations on the filesystem outside the project directory. How to fix Directory Traversal? Upgrade `mlrun` to version 1.8.0rc30 or higher.	[,1.8.0rc30)
M SQL Injection mlrun is a Tracking and config of machine learning runs Affected versions of this package are vulnerable to SQL Injection in the `TDEngineSchema` class in the Model Monitoring component, which passes raw user input into SQL queries. How to fix SQL Injection? Upgrade `mlrun` to version 1.7.0rc39 or higher.	[,1.7.0rc39)
M Race Condition mlrun is a Tracking and config of machine learning runs Affected versions of this package are vulnerable to Race Condition related to the buffer pool. How to fix Race Condition? Upgrade `mlrun` to version 1.7.0rc5 or higher.	[,1.7.0rc5)
H SQL Injection mlrun is a Tracking and config of machine learning runs Affected versions of this package are vulnerable to SQL Injection due to improper user-input sanitization in `Datastore`. How to fix SQL Injection? Upgrade `mlrun` to version 1.4.0rc9 or higher.	[,1.4.0rc9)

Go back to all versions of this package