
Lfprojects Mlflow vulnerabilities

69 known vulnerabilities affecting lfprojects/mlflow.

Total CVEs: 69
CISA KEV: 0
Public exploits: 14
Exploited in wild: 2
Severity breakdown: CRITICAL 15, HIGH 43, MEDIUM 9, LOW 2

Vulnerabilities

Page 1 of 4
CVE | Priority | Severity | CVSS | Exploit status | Affected / fixed | Date

CVE-2023-1177 | P1 | CRITICAL | CVSS 9.8 | Exploited, PoC | fixed in 2.2.1 | 2023-03-24
CWE-29. Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.

CVE-2023-6909 | P1 | HIGH | CVSS 7.5 | Exploited, PoC | fixed in 2.9.2 | 2023-12-18
CWE-29. Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.

CVE-2023-3765 | P2 | CRITICAL | CVSS 10.0 | PoC | fixed in 2.5.0 | 2023-07-19
CWE-36. Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.

CVE-2024-3848 | P2 | HIGH | CVSS 7.5 | PoC | fixed in 2.12.1 | 2024-05-16
A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the fragment, effectively skipping validation. This allows an attacker to construct a URL that

CVE-2026-2652 | P2 | HIGH | CVSS 8.6 | PoC | fixed in 3.10.0 | 2026-05-15
CWE-305. A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled (`--app-name basic-auth`) and served via uvicorn (ASGI). The FastAPI permission middleware only enforces authentication on `/gateway/` routes, leaving other routes such as the Job API

CVE-2023-43472 | P2 | HIGH | CVSS 7.5 | PoC | ≤ 2.8.1 | 2023-12-05
An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to the REST API.

CVE-2024-2928 | P2 | HIGH | CVSS 7.5 | PoC | fixed in 2.11.3 | 2024-06-06
CWE-29. A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can exploit this flaw by manipulating the fragment part of the

CVE-2025-11201 | P1 | CRITICAL | CVSS 9.8 | - | fixed in 2025-06-10 | 2025-10-29
CWE-22. MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of model file paths. The i

CVE-2023-2780 | P2 | CRITICAL | CVSS 9.8 | PoC | fixed in 2.3.1 | 2023-05-17
CWE-29. Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.

CVE-2024-1483 | P2 | HIGH | CVSS 7.5 | PoC | fixed in 2.12.1 | 2024-04-16
CWE-22. A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifact_location' and 'source' parameters, using a local URI with '#' instead of '?', an attacker can traverse the server's directory structure. The issue occ

CVE-2023-2356 | P3 | HIGH | CVSS 7.5 | PoC | fixed in 2.3.1 | 2023-04-28
CWE-23. Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.

CVE-2023-6977 | P3 | HIGH | CVSS 7.5 | PoC | ≥ 1.0.0, < 2.9.2 | 2023-12-20
CWE-29. This vulnerability enables malicious users to read sensitive files on the server.

CVE-2024-8859 | P3 | HIGH | CVSS 7.5 | PoC | v2.15.1 | 2025-03-20
CWE-29. A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while parts such as query and parameters are not handled. The vulner

CVE-2023-6831 | P3 | HIGH | CVSS 8.1 | PoC | fixed in 2.9.2 | 2023-12-15
CWE-29. Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.

CVE-2025-11200 | P2 | CRITICAL | CVSS 9.8 | - | ≤ 2.21.0 | 2025-10-29
CWE-521. MLflow Weak Password Requirements Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from weak password requirements.

CVE-2025-15379 | P2 | CRITICAL | CVSS 9.8 | - | ≥ 3.8.0, ≤ 3.8.1 | 2026-03-30
CWE-77. A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_install_model_dependencies_to_env()` function. When deploying a model with `env_manager=LOCAL`, MLflow reads dependency specifications from the model artifact's `python_env.yaml` file and directly interpolates them into a shell co

CVE-2025-15036 | P2 | CRITICAL | CVSS 10.0 | - | fixed in 3.9.0 | 2026-03-30
CWE-29. A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An attacker with control over the tar.gz file c

CVE-2025-15031 | P2 | CRITICAL | CVSS 9.1 | - | ≤ 3.10.1 | 2026-03-18
CWE-22. A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of `tarfile.extractall` without path validation enables crafted tar.gz files containing `..` or absolute paths to escape the intended extraction directory. This issue affects the latest versio

CVE-2023-6974 | P2 | CRITICAL | CVSS 9.8 | - | fixed in 2.9.2 | 2023-12-20
CWE-918. A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (i.e. an AWS instance) it could be abused to get remote code execution on the victim machine.

CVE-2024-0520 | P2 | HIGH | CVSS 8.8 | - | fixed in 2.9.0 | 2024-06-06
CWE-22. A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. Specifically, when loading a dataset from a source URL with an HTTP scheme, the filename extracted from the `Content-Disposit