|
|
|||
| Rule General Information |
|---|
| Release Date: | 2025-05-14 | |
| Rule Name: | Mlflow Path Traversal Vulnerability (CVE-2024-1483) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Mlflow is an open source machine learning lifecycle management platform designed to simplify the development, tracking, deployment, and management of machine learning projects. It supports the entire machine learning workflow from experiment tracking, model registration, model deployment to project packaging. An attacker could exploit the vulnerability to access files and directories stored outside of the web root folder. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1 https://huntr.com/bounties/11209efb-0f84-482f-add0-587ea6b7e850 |
|
| Solutions |
|---|
| Please refer to announcements or patches release by the vendor: https://github.com/mlflow/mlflow/releases/tag/v2.9.2 |