From 95835d5e312e371db1dfcf15bdf656c6f620cc86 Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Fri, 7 Apr 2023 19:32:53 +0000
Subject: [PATCH] Auto Generated CVE annotations [Fri Apr 7 19:32:53 UTC 2023] :robot:
---
 cves/2023/CVE-2023-1177.yaml | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/cves/2023/CVE-2023-1177.yaml b/cves/2023/CVE-2023-1177.yaml
index 9654de1020..ef5dff0ce2 100644
--- a/cves/2023/CVE-2023-1177.yaml
+++ b/cves/2023/CVE-2023-1177.yaml
@@ -2,17 +2,23 @@ id: CVE-2023-1177
 info:
 name: mlflow > 2.2.1 - Local File Inclusion
 author: iamnoooob,pdresearch
- severity: high
+ severity: critical
 description: |
 Path Traversal '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.
 reference:
 - https://huntr.dev/bounties/1fe8f21a-c438-4cba-9add-e8a5dab94e28/
 - https://github.com/mlflow/mlflow/commit/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1177
+ - https://huntr.dev/bounties/1fe8f21a-c438-4cba-9add-e8a5dab94e28
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2023-1177
+ cwe-id: CWE-29
 metadata:
- verified: "true"
 shodan-query: http.title:"mlflow"
- tags: cve,cve2023,mlflow,oss,lfi
+ verified: "true"
+ tags: mlflow,oss,lfi,huntr,cve,cve2023

 requests:
 - raw:
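Review bot: The added reference `- https://huntr.dev/bounties/1fe8f21a-c438-4cba-9add-e8a5dab94e28` repeats the first entry of the `reference` list, which already points at the same huntr report with a trailing slash, so the advisory is now listed twice; drop the added line or normalise the existing entry instead. The annotation pass raises `severity` to `critical` to match `cvss-score: 9.8`, but the `name` on the context line still reads `mlflow > 2.2.1` while the description says the flaw affects versions prior to 2.2.1. If the description is right, the name should read `mlflow < 2.2.1 - Local File Inclusion`, so that anyone triaging a match sees the correct affected range. The template body from `requests:` onward continues outside the hunk.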