CVE Vulnerabilities

CVE-2023-1176

Absolute Path Traversal

Published: Mar 24, 2023 | Modified: Mar 28, 2023
CVSS 3.x
3.3
LOW
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.

Weakness

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as “/abs/path” that can resolve to a location that is outside of that directory.

Affected Software

Name Vendor Start Version End Version
Mlflow Lfprojects * 2.2.2 (excluding)

References