Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1ocTg4LXdnN3EtZ3A0Z84AA7CC

mlflow vulnerable to Path Traversal

mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'is_local_uri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the misclassification of URIs as non-local. Attackers can exploit this by crafting malicious model versions with specially crafted 'source' parameters, enabling the reading of sensitive files within at least two directory levels from the server's root.

Permalink: https://github.com/advisories/GHSA-hq88-wg7q-gp4g
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ocTg4LXdnN3EtZ3A0Z84AA7CC
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 1 month ago
Updated: about 1 month ago


CVSS Score: 9.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

Identifiers: GHSA-hq88-wg7q-gp4g, CVE-2024-3573
References: Repository: https://github.com/mlflow/mlflow
Blast Radius: 34.5

Affected Packages

pypi:mlflow
Dependent packages: 360
Dependent repositories: 5,089
Downloads: 14,526,638 last month
Affected Version Ranges: < 2.10.0
Fixed in: 2.10.0
All affected versions: 0.0.1, 0.1.0, 0.2.0, 0.2.1, 0.3.0, 0.4.0, 0.4.1, 0.4.2, 0.5.0, 0.5.1, 0.5.2, 0.6.0, 0.7.0, 0.8.0, 0.8.1, 0.8.2, 0.9.0, 0.9.1, 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.7.1, 1.7.2, 1.8.0, 1.9.0, 1.9.1, 1.10.0, 1.11.0, 1.12.0, 1.12.1, 1.13.1, 1.14.0, 1.14.1, 1.15.0, 1.16.0, 1.17.0, 1.18.0, 1.19.0, 1.20.0, 1.20.1, 1.20.2, 1.21.0, 1.22.0, 1.23.0, 1.23.1, 1.24.0, 1.25.0, 1.25.1, 1.26.0, 1.26.1, 1.27.0, 1.28.0, 1.29.0, 1.30.0, 1.30.1, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.4.2, 2.5.0, 2.6.0, 2.7.0, 2.7.1, 2.8.0, 2.8.1, 2.9.0, 2.9.1, 2.9.2
All unaffected versions: 2.10.0, 2.10.1, 2.10.2, 2.11.0, 2.11.1, 2.11.2, 2.11.3, 2.11.4, 2.12.0, 2.12.1, 2.12.2, 2.13.0