CVE-2023-6018

Summary

An attacker can overwrite any file on the server hosting MLflow without any authentication.

Affected Software

VendorProductVersion RangeStatus
mlflowmlflow/mlflowunspecified <= latestaffected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command

ADP Enrichment

CVE Program Container

Additional References

References