Vertaai Modeldb vulnerabilities
2 known vulnerabilities affecting vertaai/vertaai_modeldb.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown
HIGH: 2
Vulnerabilities
CVE-2023-6023 | P2 | HIGH | CVSS 7.5 | Exploited | PoC | ≥ unspecified, ≤ latest | 2023-11-16
CVE-2023-6023 [HIGH] CWE-29
An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter.
nvd
CVE-2024-1961 | P2 | HIGH | CVSS 8.8 | ≥ unspecified, ≤ latest | 2024-04-16
CVE-2024-1961 [HIGH] CWE-22
vertaai/modeldb is vulnerable to a path traversal attack due to improper sanitization of user-supplied file paths in its file upload functionality. Attackers can exploit this vulnerability to write arbitrary files anywhere in the file system by manipulating the 'artifact_path' parameter. This flaw can lead to Remote Code Execution (RCE) by overwriting cr
nvd