Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/1xxx/CVE-2023-1177.json",
"cna_assigner": "@huntrdev",
"cwe_ids": [
"CWE-29"
]
}{
"cpe": "cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "2.2.1"
}
],
"source": [
"AFFECTED_FIELD",
"CPE_RANGE"
]
}[
{
"digest": {
"function_hash": "315695039987599915833795250148533443280",
"length": 188.0
},
"target": {
"function": "doGet",
"file": "mlflow/java/scoring/src/main/java/org/mlflow/sagemaker/ScoringServer.java"
},
"id": "CVE-2023-1177-3d0ffab8",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mlflow/mlflow/commit/ffe005c58dd45e4f200bfb5a77aa5273a57ca39d",
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"184537011841202855010175748683233015740",
"37052205958489476375165583908706963982",
"163827101219918441006880180624444697414",
"297079543708614561370828289053379060808"
]
},
"target": {
"file": "mlflow/java/scoring/src/test/java/org/mlflow/ScoringServerTest.java"
},
"id": "CVE-2023-1177-5daf1389",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mlflow/mlflow/commit/ffe005c58dd45e4f200bfb5a77aa5273a57ca39d",
"deprecated": false
},
{
"digest": {
"function_hash": "110835240179957637795242358676224518213",
"length": 482.0
},
"target": {
"function": "testScoringServerWithValidPredictorRespondsToVersionCorrectly",
"file": "mlflow/java/scoring/src/test/java/org/mlflow/ScoringServerTest.java"
},
"id": "CVE-2023-1177-87ebdc7e",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mlflow/mlflow/commit/ffe005c58dd45e4f200bfb5a77aa5273a57ca39d",
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"203989792986681947897820114496437655629",
"223341954211807404523867919691887162855",
"271938718366277703190849776855167632540",
"235966189990620696098933471156313906891"
]
},
"target": {
"file": "mlflow/java/scoring/src/main/java/org/mlflow/sagemaker/ScoringServer.java"
},
"id": "CVE-2023-1177-b1982522",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mlflow/mlflow/commit/ffe005c58dd45e4f200bfb5a77aa5273a57ca39d",
"deprecated": false
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1177.json"
"2026-07-09T06:02:13Z"