GHSA-wxj7-3fx5-pp9m
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wxj7-3fx5-pp9m
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-wxj7-3fx5-pp9m/GHSA-wxj7-3fx5-pp9m.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wxj7-3fx5-pp9m
- Aliases
- Published
- 2025-06-23T15:31:43Z
- Modified
- 2025-06-27T21:29:54.991943Z
- Severity
-
- 5.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N CVSS Calculator
- Summary
- MLFlow SSRF via gateway_proxy_handler
- Details
-
gatewayproxyhandler in MLflow before 3.1.0 lacks gateway_path validation.
- Database specific
{ "github_reviewed": true, "github_reviewed_at": "2025-06-23T21:22:08Z", "nvd_published_at": "2025-06-23T15:15:29Z", "cwe_ids": [ "CWE-918" ], "severity": "MODERATE" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2025-52967
- https://github.com/mlflow/mlflow/issues/15944
- https://github.com/mlflow/mlflow/pull/15970
- https://github.com/mlflow/mlflow
- https://github.com/mlflow/mlflow/releases/tag/v3.1.0
- https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2025-52.yaml
Affected packages
PyPI / mlflow
Package
- Name
- mlflow
- View open source insights on deps.dev
- Purl
- pkg:pypi/mlflow
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.1.0
Affected versions
0.*
0.0.1
0.1.0
0.2.0
0.2.1
0.3.0
0.4.0
0.4.1
0.4.2
0.5.0
0.5.1
0.5.2
0.6.0
0.7.0
0.8.0
0.8.1
0.8.2
0.9.0
0.9.0.1
0.9.1
1.*
1.0.0
1.1.0
1.1.1.dev0
1.2.0
1.3.0
1.4.0
1.5.0
1.6.0
1.7.0
1.7.1
1.7.2
1.8.0
1.9.0
1.9.1
1.10.0
1.11.0
1.12.0
1.12.1
1.13
1.13.1
1.14.0
1.14.1
1.15.0
1.16.0
1.17.0
1.18.0
1.19.0
1.20.0
1.20.1
1.20.2
1.21.0
1.22.0
1.23.0
1.23.1
1.24.0
1.25.0
1.25.1
1.26.0
1.26.1
1.27.0
1.28.0
1.29.0
1.30.0
1.30.1
2.*
2.0.0rc0
2.0.0
2.0.1
2.1.0
2.1.1
2.2.0
2.2.1
2.2.2
2.3.0
2.3.1
2.3.2
2.4.0
2.4.1
2.4.2
2.5.0
2.6.0
2.7.0
2.7.1
2.8.0
2.8.1
2.9.0
2.9.1
2.9.2
2.10.0
2.10.1
2.10.2
2.11.0
2.11.1
2.11.2
2.11.3
2.11.4
2.12.0
2.12.1
2.12.2
2.13.0
2.13.1
2.13.2
2.14.0rc0
2.14.0
2.14.1
2.14.2.dev0
2.14.2
2.14.3
2.15.0rc0
2.15.0
2.15.1
2.16.0
2.16.1
2.16.2
2.17.0rc0
2.17.0
2.17.1
2.17.2
2.18.0rc0
2.18.0
2.19.0rc0
2.19.0
2.20.0rc0
2.20.0
2.20.1
2.20.2
2.20.3
2.20.4
2.21.0rc0
2.21.0
2.21.1
2.21.2
2.21.3
2.22.0rc0
2.22.0
2.22.1
3.*
3.0.0rc0
3.0.0rc1
3.0.0rc2
3.0.0rc3
3.0.0
3.0.1
3.1.0rc0