CRITICAL 10.0
GHSA-f798-qm4r-23r5
MLflow allowed arbitrary files to be PUT onto the server
Details
MLflow allowed arbitrary files to be PUT onto the server.
Affected packages
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-6015 [ADVISORY]
- https://github.com/mlflow/mlflow/pull/10330 [WEB]
- https://github.com/mlflow/mlflow/commit/cf83dad4df26dd4a850622fe8a51ccab1471a5e7 [WEB]
- https://github.com/mlflow/mlflow [PACKAGE]
- https://huntr.com/bounties/43e6fb72-676e-4670-a225-15d6836f65d3 [WEB]