Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/6xxx/CVE-2023-6709.json",
"cna_assigner": "@huntr_ai",
"cwe_ids": [
"CWE-1336"
]
}{
"source": [
"CPE_RANGE",
"REFERENCES"
],
"cpe": "cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "2.9.2"
}
]
}"2026-07-09T10:36:41Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6709.json"
[
{
"id": "CVE-2023-6709-264721b0",
"digest": {
"function_hash": "41577576781758645994132782347271038383",
"length": 482.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mlflow/mlflow/commit/6ca72469b289e77acc2f1201ca39237fc025c090",
"deprecated": false,
"target": {
"function": "testScoringServerWithValidPredictorRespondsToVersionCorrectly",
"file": "mlflow/java/scoring/src/test/java/org/mlflow/ScoringServerTest.java"
}
},
{
"id": "CVE-2023-6709-3b2c929e",
"digest": {
"line_hashes": [
"196573444960829707875320866494714691261",
"271948446609272190247368243181800837017",
"53471754088520627507579338316850690467",
"33278243910103464003635330866461910749"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mlflow/mlflow/commit/6ca72469b289e77acc2f1201ca39237fc025c090",
"deprecated": false,
"target": {
"file": "mlflow/java/scoring/src/main/java/org/mlflow/sagemaker/ScoringServer.java"
}
},
{
"id": "CVE-2023-6709-708d66a9",
"digest": {
"line_hashes": [
"309731809211771193513369395030748044361",
"114807972603507761925102257914653220858",
"54242903575207562870989186276313247961",
"128921726128245671312574701825963265888"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mlflow/mlflow/commit/6ca72469b289e77acc2f1201ca39237fc025c090",
"deprecated": false,
"target": {
"file": "mlflow/java/scoring/src/test/java/org/mlflow/ScoringServerTest.java"
}
},
{
"id": "CVE-2023-6709-e5d1dbd1",
"digest": {
"function_hash": "9624725844488257082857400704039181297",
"length": 188.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mlflow/mlflow/commit/6ca72469b289e77acc2f1201ca39237fc025c090",
"deprecated": false,
"target": {
"function": "doGet",
"file": "mlflow/java/scoring/src/main/java/org/mlflow/sagemaker/ScoringServer.java"
}
}
]