CVE-2023-6753

Description

Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.

How to fix CVE-2023-6753

To remediate CVE-2023-6753, upgrade the affected package to a fixed version below.

• Bitnami/mlflow—upgrade to 2.9.2 or later
• PyPI/mlflow—upgrade to 2.9.2 or later
• PyPI/mlflow—upgrade to 1c6309f884798fbf56017a3cc808016869ee8de4 or later

Is CVE-2023-6753 being exploited?

Low — EPSS is 2.4%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

• from 0, < 2.9.2
• from 0, < 2.9.2
• from 0, < 1c6309f884798fbf56017a3cc808016869ee8de4, < 1c6309f884798fbf56017a3cc808016869ee8de4 | from 0, < 2.9.2

CVSS scores

References (6)

• ADVISORYgithub.com/advisories/GHSA-v945-r3rc-6fjm
• ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-6753
• PATCHgithub.com/mlflow/mlflow
• WEBgithub.com/mlflow/mlflow/commit/1c6309f884798fbf56017a3cc808016869ee8de4