HIGH 8.8

GHSA-wv8q-4f85-2p8p

MLflow Path Traversal Vulnerability

Details

This vulnerability allows an attacker to write arbitrary files to arbitrary locations on the remote filesystem, in the context of the server process.

Affected packages

PyPI / mlflow
Introduced in: 0
Fixed in: 2.9.2
Fix: pip install --upgrade 'mlflow>=2.9.2'
