Harutaka Kawamura

10 exploits Active since Mar 2023
CVE-2024-0520 WRITEUP HIGH WRITEUP
mlflow/mlflow <8.2.1 - Command Injection
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. Specifically, when loading a dataset from a source URL with an HTTP scheme, the filename extracted from the `Content-Disposition` header or the URL path is used to generate the final file path without proper sanitization. This flaw enables an attacker to control the file path fully by utilizing path traversal or absolute path techniques, such as '../../tmp/poc.txt' or '/tmp/poc.txt', leading to arbitrary file write. Exploiting this vulnerability could allow a malicious user to execute commands on the vulnerable machine, potentially gaining access to data and model information. The issue is fixed in version 2.9.0.
CVSS 8.8
CVE-2023-1176 WRITEUP LOW WRITEUP
MLflow < 2.2.2 - Absolute Path Traversal
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.
CVSS 3.3
CVE-2023-2780 WRITEUP CRITICAL WRITEUP
MLflow < 2.3.1 - Path Traversal via Backslash-Dot-Dot-Slash Sequence
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.
CVSS 9.8
CVE-2023-6709 WRITEUP HIGH WRITEUP
mlflow/mlflow <2.9.2 - Info Disclosure
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.
CVSS 8.8
CVE-2023-6753 WRITEUP HIGH WRITEUP
MLflow < 2.9.2 - Path Traversal
Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.
CVSS 8.8
CVE-2023-6975 WRITEUP CRITICAL WRITEUP
MLflow <= 2.9.2 - Command Injection
A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information.
CVSS 9.8
CVE-2023-6976 WRITEUP HIGH WRITEUP
MLflow < 2.9.2 - Arbitrary File Write via Unrestricted File Upload
This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process.
CVSS 8.8
CVE-2023-6977 WRITEUP HIGH WRITEUP
MLflow < 2.9.2 - Information Disclosure
This vulnerability enables malicious users to read sensitive files on the server.
CVSS 7.5
CVE-2024-8859 WRITEUP HIGH WRITEUP
MLflow 2.15.1 - Path Traversal and Arbitrary File Read via DBFS Service URL Handling
A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while parts such as query and parameters are not handled. The vulnerability is triggered if the user has configured the dbfs service, and during usage, the service is mounted to a local directory.
CVSS 7.5
CVE-2025-11201 WRITEUP CRITICAL WRITEUP
MLflow < 3.0.0 - Unauthenticated Remote Code Execution via Model File Path Traversal
MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of model file paths. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26921.
CVSS 9.8