Vulnerability Database
Blog
FAQ
Docs
PYSEC-2023-309
See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/mlflow/PYSEC-2023-309.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2023-309
Aliases
BIT-mlflow-2023-6753
CVE-2023-6753
GHSA-v945-r3rc-6fjm
Published
2023-12-13T00:15:07Z
Modified
2025-04-09T17:59:29.288853Z
Severity
8.8 (High)
CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS Calculator
Summary
[none]
Details
Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.
References
https://huntr.com/bounties/b397b83a-527a-47e7-b912-a12a17a6cfb4
https://github.com/mlflow/mlflow/commit/1c6309f884798fbf56017a3cc808016869ee8de4
Affected packages
PyPI
/
mlflow
Package
Name
mlflow
View open source insights on deps.dev
Purl
pkg:pypi/mlflow
Affected ranges
Type
GIT
Repo
https://github.com/mlflow/mlflow
Events
Introduced
0
Unknown introduced commit / All previous commits are affected
Fixed
1c6309f884798fbf56017a3cc808016869ee8de4
Fixed
1c6309f884798fbf56017a3cc808016869ee8de4
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
2.9.2
Affected versions
0.*
0.0.1
0.1.0
0.2.0
0.2.1
0.3.0
0.4.0
0.4.1
0.4.2
0.5.0
0.5.1
0.5.2
0.6.0
0.7.0
0.8.0
0.8.1
0.8.2
0.9.0
0.9.0.1
0.9.1
1.*
1.0.0
1.1.0
1.1.1.dev0
1.2.0
1.3.0
1.4.0
1.5.0
1.6.0
1.7.0
1.7.1
1.7.2
1.8.0
1.9.0
1.9.1
1.10.0
1.11.0
1.12.0
1.12.1
1.13
1.13.1
1.14.0
1.14.1
1.15.0
1.16.0
1.17.0
1.18.0
1.19.0
1.20.0
1.20.1
1.20.2
1.21.0
1.22.0
1.23.0
1.23.1
1.24.0
1.25.0
1.25.1
1.26.0
1.26.1
1.27.0
1.28.0
1.29.0
1.30.0
1.30.1
2.*
2.0.0rc0
2.0.0
2.0.1
2.1.0
2.1.1
2.2.0
2.2.1
2.2.2
2.3.0
2.3.1
2.3.2
2.4.0
2.4.1
2.4.2
2.5.0
2.6.0
2.7.0
2.7.1
2.8.0
2.8.1
2.9.0
2.9.1
PYSEC-2023-309 - OSV