8.8

CVE-2023-6976

Exploit

Unrestricted Upload of File with Dangerous Type

This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LfprojectsMlflow Version < 2.9.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.01% 0.585
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security@huntr.dev 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://github.com/mlflow/mlflow/commit/5044878da0c1851ccfdd5c0a867157ed9a502fbc
Patch
https://huntr.com/bounties/2408a52b-f05b-4cac-9765-4f74bac3f20f
Third Party Advisory
Exploit