CVE-2023-4033
published 2023-08-01
CVE-2023-4033: OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.
Priority: P345 · high · 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.20% (64.2th percentile)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lfprojects | mlflow | < 2.6.0 | 2.6.0 |
| lfprojects | mlflow | >= 0 < 2.6.0 | 2.6.0 |
| lfprojects | mlflow | >= 0 < 6dde93758d42455cb90ef324407919ed67668b9b | 6dde93758d42455cb90ef324407919ed67668b9b |
| mlflow | mlflow_mlflow | >= unspecified < 2.6.0 | 2.6.0 |
CVSS provenance
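| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| vendor_redhat | | 7.5 | HIGH | |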
GHSA
mlflow vulnerable to OS Command Injection
ghsa·2023-08-01
CVE-2023-4033 [HIGH] CWE-78 mlflow vulnerable to OS Command Injection
OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.
OSV
mlflow vulnerable to OS Command Injection
osv·2023-08-01
CVE-2023-4033 [HIGH] mlflow vulnerable to OS Command Injection
OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.
OSV
CVE-2023-4033: OS Command Injection in GitHub repository mlflow/mlflow prior to 2
osv·2023-08-01
CVE-2023-4033 CVE-2023-4033: OS Command Injection in GitHub repository mlflow/mlflow prior to 2
OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.
Red Hat
bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator
vendor_redhat·2024-02-13·CVSS 7.5
CVE-2023-50387 [HIGH] CWE-400 bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side.
This vulnerability applies only for systems where DNSSEC validation is enabled.
Statement: This vulnerability in DNSSEC-validating resolv
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-08-01