—
PYSEC-2023-29
Details
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / mlflow
Introduced in:
0 Fixed in: 7162a50c654792c21f3e4a160eb1a0e6a34f6e6e Fix
pip install --upgrade 'mlflow>=7162a50c654792c21f3e4a160eb1a0e6a34f6e6e' References
- https://huntr.dev/bounties/1fe8f21a-c438-4cba-9add-e8a5dab94e28 [EVIDENCE]
- https://huntr.dev/bounties/1fe8f21a-c438-4cba-9add-e8a5dab94e28 [FIX]
- https://huntr.dev/bounties/1fe8f21a-c438-4cba-9add-e8a5dab94e28 [WEB]
- https://github.com/mlflow/mlflow/commit/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e [FIX]