漏洞描述
Mlflow存在目录遍历漏洞,此漏洞是由于对artifact_location参数缺乏验证导致的。
Mlflow CVE-2023-6909 目录遍历漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2023-1177: Mlflow <2.2.1 - Local File Inclusion
- POC CVE-2023-2356: Mlflow <2.3.0 - Local File Inclusion
- POC CVE-2023-2780: Mlflow <2.3.1 - Local File Inclusion Bypass
- POC CVE-2023-3765: MLflow Absolute Path Traversal
- POC CVE-2023-43472: MLFlow < 2.8.1 - Sensitive Information Disclosure
- POC CVE-2023-6018: Mlflow - Arbitrary File Write
- POC CVE-2023-6568: Mlflow - Cross-Site Scripting
- POC CVE-2023-6831: mlflow - Path Traversal
- POC CVE-2023-6909: Mlflow <2.9.2 - Path Traversal
- POC CVE-2023-6977: Mlflow <2.8.0 - Local File Inclusion
- POC CVE-2024-1483: Mlflow < 2.9.2 - Path Traversal
- POC CVE-2024-2928: MLflow < 2.11.3 - Path Traversal
- POC CVE-2024-3848: Mlflow < 2.11.0 - Path Traversal