From a6800af6e953b38ea31f63225acab36fff229803 Mon Sep 17 00:00:00 2001
From: github-actions
Date: Thu, 25 May 2023 18:17:31 +0000
Subject: [PATCH] Auto import
---
vulns/mlflow/PYSEC-0000-CVE-2023-2780.yaml | 31 ++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 vulns/mlflow/PYSEC-0000-CVE-2023-2780.yaml
diff --git a/vulns/mlflow/PYSEC-0000-CVE-2023-2780.yaml b/vulns/mlflow/PYSEC-0000-CVE-2023-2780.yaml
new file mode 100644
index 00000000..04ef7341
--- /dev/null
+++ b/vulns/mlflow/PYSEC-0000-CVE-2023-2780.yaml
@@ -0,0 +1,31 @@
+id: PYSEC-0000-CVE-2023-2780
+details: 'Path Traversal: ''\..\filename'' in GitHub repository mlflow/mlflow prior
+ to 2.3.1.'
+affected:
+- package:
+ name: mlflow
+ ecosystem: PyPI
+ purl: pkg:pypi/mlflow
+ ranges:
+ - type: GIT
+ repo: https://github.com/mlflow/mlflow
+ events:
+ - introduced: "0"
+ - fixed: fae77a525dd908c56d6204a4cef1c1c75b4e9857
+ - type: ECOSYSTEM
+ events:
+ - introduced: "0"
+ - fixed: 2.3.1
+references:
+- type: EVIDENCE
+ url: https://huntr.dev/bounties/b12b0073-0bb0-4bd1-8fc2-ec7f17fd7689
+- type: FIX
+ url: https://huntr.dev/bounties/b12b0073-0bb0-4bd1-8fc2-ec7f17fd7689
+- type: WEB
+ url: https://huntr.dev/bounties/b12b0073-0bb0-4bd1-8fc2-ec7f17fd7689
+- type: FIX
+ url: https://github.com/mlflow/mlflow/commit/fae77a525dd908c56d6204a4cef1c1c75b4e9857
+aliases:
+- CVE-2023-2780
+modified: "2023-05-25T17:26:00Z"
+published: "2023-05-17T21:15:00Z"
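Review bot: The same huntr.dev bounty URL appears three times under `references`, typed `EVIDENCE`, `FIX` and `WEB`, while only the last entry, the `mlflow/mlflow` commit URL, looks like an actual patch. Tooling that follows `FIX` references to locate or verify the patch would land on a bounty report, so I would keep the bounty link once (for example only the `- type: EVIDENCE` entry) and leave `FIX` to the commit URL. The `details` string names only the weakness class; if the bounty report supports it, a sentence on which input reaches the file path, and that the `'\..\filename'` form concerns backslash-separated paths, would help consumers triage. As a style point, `fixed: 2.3.1` is unquoted while `introduced: "0"` is quoted; writing `- fixed: "2.3.1"` keeps version strings consistently typed and avoids a float parse if a two-component version is ever imported this way.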