漏洞描述
mlflow中存在目录遍历漏洞,此漏洞是由于程序未充分验证用户输入的DELETE请求中包含数据所导致的。
mlflow CVE-2023-6831 目录遍历漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2023-1177: Mlflow <2.2.1 - Local File Inclusion
- POC CVE-2023-2356: Mlflow <2.3.0 - Local File Inclusion
- POC CVE-2023-2780: Mlflow <2.3.1 - Local File Inclusion Bypass
- POC CVE-2023-3765: MLflow Absolute Path Traversal
- POC CVE-2023-43472: MLFlow < 2.8.1 - Sensitive Information Disclosure
- POC CVE-2023-6018: Mlflow - Arbitrary File Write
- POC CVE-2023-6568: Mlflow - Cross-Site Scripting
- POC CVE-2023-6831: mlflow - Path Traversal
- POC CVE-2023-6909: Mlflow <2.9.2 - Path Traversal
- POC CVE-2023-6977: Mlflow <2.8.0 - Local File Inclusion
- POC CVE-2024-1483: Mlflow < 2.9.2 - Path Traversal
- POC CVE-2024-2928: MLflow < 2.11.3 - Path Traversal
- POC CVE-2024-3848: Mlflow < 2.11.0 - Path Traversal