New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] Security Vulnerability #7166
Comments
|
@y4ppieflu Can you provide more details? |
|
@harupy |
|
@y4ppieflu Thanks for reporting this vulnerability. I was able to reproduce it. |
|
Thanks @harupy |
|
Thank you! |
|
BTW — shall this follow the process described in the Security Policy and have an associated Github Security Advisory? |
@harupy hi, what about my comment above? |
|
Hi @harupy |
|
CVE record for this issue is now published (CVE-2023-30172) MLflow v2.0.1 fixes the vulnerability. |
|
Does 2.0.1? I see that it was merged into 2.0.0 as well. Can you please confirm? |
Vulnerability details
Local file inclusion in the MLFlow server, additional details may be provided upon request.
MLFlow version
Reproduced in 1.26.1 and 1.30.0
The text was updated successfully, but these errors were encountered: