Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS1qNjJyLXd4cXEtZjNnZs4AA7B4

mlflow vulnerable to Path Traversal

A path traversal vulnerability exists in the _create_model_version() function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the _validate_non_local_source_contains_relative_paths(source) function's checks, allowing for arbitrary file read access on the server. The issue arises from the handling of unquoted URL characters and the subsequent misuse of the original source value for model version creation, leading to the exposure of sensitive files when interacting with the /model-versions/get-artifact handler.

Permalink: https://github.com/advisories/GHSA-j62r-wxqq-f3gf
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qNjJyLXd4cXEtZjNnZs4AA7B4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 21 days ago
Updated: 11 days ago

CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-j62r-wxqq-f3gf, CVE-2024-1558
References:

• https://nvd.nist.gov/vuln/detail/CVE-2024-1558
• https://huntr.com/bounties/7f4dbcc5-b6b3-43dd-b310-e2d0556a8081
• https://github.com/advisories/GHSA-j62r-wxqq-f3gf

Blast Radius: 27.8

Affected Packages