CVE-2024-3573

Source
https://cve.org/CVERecord?id=CVE-2024-3573
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-3573.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-3573
Aliases
Published
2024-04-16T00:00:14.753Z
Modified
2026-07-08T06:58:15.416347481Z
Severity
  • 9.3 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N CVSS Calculator
Summary
Local File Inclusion (LFI) via Scheme Confusion in mlflow/mlflow
Details

mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'islocaluri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the misclassification of URIs as non-local. Attackers can exploit this by crafting malicious model versions with specially crafted 'source' parameters, enabling the reading of sensitive files within at least two directory levels from the server's root.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/3xxx/CVE-2024-3573.json",
    "cna_assigner": "@huntr_ai",
    "cwe_ids": [
        "CWE-29"
    ]
}
References

Affected packages

Git / github.com/mlflow/mlflow

Affected ranges

Type
GIT
Repo
https://github.com/mlflow/mlflow
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.10.0"
        }
    ],
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

1.*
1.0.0
v0.*
v0.2.0
v0.2.1
v0.3.0
v0.4.0
v0.4.1
v0.4.2
v0.5.0
v0.6.0
v0.7
v0.8.0
v0.8.1
v1.*
v1.7.0
v2.*
v2.2.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-3573.json"