Auto Generated CVE annotations [Fri Apr 7 19:32:53 UTC 2023] 🤖

patch-1
GitHub Action 2023-04-07 19:32:53 +00:00
parent 8cd2e273f2
commit 95835d5e31
1 changed files with 9 additions and 3 deletions


@ -2,17 +2,23 @@ id: CVE-2023-1177
info:
name: mlflow > 2.2.1 - Local File Inclusion
author: iamnoooob,pdresearch
severity: high
severity: critical
description: |
Path Traversal '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.
reference:
- https://huntr.dev/bounties/1fe8f21a-c438-4cba-9add-e8a5dab94e28/
- https://github.com/mlflow/mlflow/commit/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1177
- https://huntr.dev/bounties/1fe8f21a-c438-4cba-9add-e8a5dab94e28
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-1177
cwe-id: CWE-29
metadata:
verified: "true"
shodan-query: http.title:"mlflow"
tags: cve,cve2023,mlflow,oss,lfi
verified: "true"
tags: mlflow,oss,lfi,huntr,cve,cve2023
requests:
- raw:
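Review bot: The `name` line still reads `mlflow > 2.2.1` although the description says the flaw affects versions prior to 2.2.1, so anyone triaging a hit by its title would read patched releases as the affected ones; `name: mlflow < 2.2.1 - Local File Inclusion` would agree with the description. The huntr.dev URL at the end of `reference:` differs from the first entry in that list only by its trailing slash, and `verified: "true"` is printed twice under `metadata:`. The +/- markers are lost in this rendering, so it is unclear which copies are on the new side; if both are, one of each should be dropped, since most YAML parsers silently take the last value of a duplicate key. The `requests:` block continues outside the hunk.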