VDB
KO
CRITICAL 9.8

GHSA-hh8p-p8mp-gqhm

MLFlow Path Traversal Vulnerability

Details

A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / mlflow
Introduced in: 0 Fixed in: 2.9.2
Fix pip install --upgrade 'mlflow>=2.9.2'

References