A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information.
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6975.json"
[
{
"id": "CVE-2023-6975-264721b0",
"target": {
"function": "testScoringServerWithValidPredictorRespondsToVersionCorrectly",
"file": "mlflow/java/scoring/src/test/java/org/mlflow/ScoringServerTest.java"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mlflow/mlflow/commit/6ca72469b289e77acc2f1201ca39237fc025c090",
"digest": {
"function_hash": "41577576781758645994132782347271038383",
"length": 482.0
},
"signature_type": "Function"
},
{
"id": "CVE-2023-6975-3b2c929e",
"target": {
"file": "mlflow/java/scoring/src/main/java/org/mlflow/sagemaker/ScoringServer.java"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mlflow/mlflow/commit/6ca72469b289e77acc2f1201ca39237fc025c090",
"digest": {
"threshold": 0.9,
"line_hashes": [
"196573444960829707875320866494714691261",
"271948446609272190247368243181800837017",
"53471754088520627507579338316850690467",
"33278243910103464003635330866461910749"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2023-6975-708d66a9",
"target": {
"file": "mlflow/java/scoring/src/test/java/org/mlflow/ScoringServerTest.java"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mlflow/mlflow/commit/6ca72469b289e77acc2f1201ca39237fc025c090",
"digest": {
"threshold": 0.9,
"line_hashes": [
"309731809211771193513369395030748044361",
"114807972603507761925102257914653220858",
"54242903575207562870989186276313247961",
"128921726128245671312574701825963265888"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2023-6975-e5d1dbd1",
"target": {
"function": "doGet",
"file": "mlflow/java/scoring/src/main/java/org/mlflow/sagemaker/ScoringServer.java"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mlflow/mlflow/commit/6ca72469b289e77acc2f1201ca39237fc025c090",
"digest": {
"function_hash": "9624725844488257082857400704039181297",
"length": 188.0
},
"signature_type": "Function"
}
]