| Rule General Information | |
|---|---|
| Release Date: | 2025-05-14 |
| Rule Name: | Mlflow Arbitrary File Reading Vulnerability (CVE-2023-6977 CVE-2024-3573) |
| Severity: | |
| CVE ID: | |

| Rule Protection Details | |
|---|---|
| Description: | MLflow is an open-source machine learning lifecycle management platform designed to simplify the development, tracking, deployment, and management of machine learning projects. It supports the entire machine learning workflow, from experiment tracking, model registration, and model deployment to project packaging. A remote attacker can read system files through this vulnerability. |
| Impact: | An attacker could exploit this vulnerability to have an unspecified effect. |
| Affected OS: | Windows, Linux, Others |
| Reference: | https://github.com/mlflow/mlflow/commit/4bd7f27c810ba7487d53ed5ef1038fca0f8dc28c https://huntr.com/bounties/fe53bf71-3687-4711-90df-c26172880aaf |

| Solutions |
|---|
| Please refer to announcements or patches released by the vendor: https://github.com/mlflow/mlflow/commit/4bd7f27c810ba7487d53ed5ef1038fca0f8dc28c |