CVE-2023-6709

Description

Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.

How to fix CVE-2023-6709

To remediate CVE-2023-6709, upgrade the affected package to a fixed version below.

• Bitnami/mlflow—upgrade to 2.9.2 or later
• PyPI/mlflow—upgrade to 2.9.2 or later
• —upgrade to 432b8ccf27fd3a76df4ba79bb1bec62118a85625 or later

Is CVE-2023-6709 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

• from 0, < 2.9.2
• from 0, < 2.9.2
• from 0, < 432b8ccf27fd3a76df4ba79bb1bec62118a85625 | from 0, < 2.9.2

CVSS scores

References (6)

• ADVISORYgithub.com/advisories/GHSA-cxfr-5q3r-2rc2
• ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-6709
• PATCHgithub.com/mlflow/mlflow
• WEBgithub.com/mlflow/mlflow/commit/432b8ccf27fd3a76df4ba79bb1bec62118a85625