CWE-29
AllowedPath Traversal: '\..\filename'
Abstraction: Variant · Status: Incomplete
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.
127 vulnerabilities reference this CWE, most recent first.
GHSA-FV57-985W-X39V
Vulnerability from github – Published: 2024-05-06 15:30 – Updated: 2024-07-03 18:39An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.
{
"affected": [],
"aliases": [
"CVE-2024-34470"
],
"database_specific": {
"cwe_ids": [
"CWE-29"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-06T15:15:24Z",
"severity": "HIGH"
},
"details": "An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.",
"id": "GHSA-fv57-985w-x39v",
"modified": "2024-07-03T18:39:09Z",
"published": "2024-05-06T15:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34470"
},
{
"type": "WEB",
"url": "https://github.com/osvaldotenorio/CVE-2024-34470"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G8HW-97V7-43Q8
Vulnerability from github – Published: 2024-06-06 18:30 – Updated: 2024-06-06 18:30A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to overwrite arbitrary files on the target system. Exploitation of this vulnerability could lead to remote code execution, privilege escalation, data theft or manipulation, and denial of service. The vulnerability is due to improper validation of file paths during the extraction of tar files, as demonstrated in multiple occurrences within the library's codebase, including but not limited to the files_util.py and extract_imagenet.py scripts.
{
"affected": [],
"aliases": [
"CVE-2024-2914"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-29"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-06T18:15:13Z",
"severity": "HIGH"
},
"details": "A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to overwrite arbitrary files on the target system. Exploitation of this vulnerability could lead to remote code execution, privilege escalation, data theft or manipulation, and denial of service. The vulnerability is due to improper validation of file paths during the extraction of tar files, as demonstrated in multiple occurrences within the library\u0027s codebase, including but not limited to the files_util.py and extract_imagenet.py scripts.",
"id": "GHSA-g8hw-97v7-43q8",
"modified": "2024-06-06T18:30:55Z",
"published": "2024-06-06T18:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2914"
},
{
"type": "WEB",
"url": "https://github.com/deepjavalibrary/djl/commit/5235be508cec9e8cb6f496a4ed2fa40e4f62c370"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/b064bd2f-bf6e-4fc0-898e-7d02a9b97e24"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G8RF-47G8-M3M9
Vulnerability from github – Published: 2024-09-30 09:30 – Updated: 2024-09-30 09:30A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path concatenation in the serve_js function in app.py, which allows attackers to perform path traversal attacks. This can lead to unauthorized access to arbitrary files on the server, potentially exposing sensitive information such as private SSH keys, configuration files, and source code.
{
"affected": [],
"aliases": [
"CVE-2024-6394"
],
"database_specific": {
"cwe_ids": [
"CWE-29"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-30T08:15:03Z",
"severity": "HIGH"
},
"details": "A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path concatenation in the `serve_js` function in `app.py`, which allows attackers to perform path traversal attacks. This can lead to unauthorized access to arbitrary files on the server, potentially exposing sensitive information such as private SSH keys, configuration files, and source code.",
"id": "GHSA-g8rf-47g8-m3m9",
"modified": "2024-09-30T09:30:46Z",
"published": "2024-09-30T09:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6394"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/6df4f990-b632-4791-b3ea-f40c9ea905bf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G9CJ-CFPP-4G2X
Vulnerability from github – Published: 2024-04-16 00:30 – Updated: 2024-05-10 16:31An issue was discovered in gradio-app/gradio, where the /component_server endpoint improperly allows the invocation of any method on a Component class with attacker-controlled arguments. Specifically, by exploiting the move_resource_to_block_cache() method of the Block class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access, posing a significant risk especially when the application is exposed to the internet via launch(share=True), thereby allowing remote attackers to read files on the host machine. Furthermore, gradio apps hosted on huggingface.co are also affected, potentially leading to the exposure of sensitive information such as API keys and credentials stored in environment variables.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "gradio"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.13.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-1561"
],
"database_specific": {
"cwe_ids": [
"CWE-29"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-16T18:21:39Z",
"nvd_published_at": "2024-04-16T00:15:08Z",
"severity": "HIGH"
},
"details": "An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifically, by exploiting the `move_resource_to_block_cache()` method of the `Block` class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access, posing a significant risk especially when the application is exposed to the internet via `launch(share=True)`, thereby allowing remote attackers to read files on the host machine. Furthermore, gradio apps hosted on `huggingface.co` are also affected, potentially leading to the exposure of sensitive information such as API keys and credentials stored in environment variables.",
"id": "GHSA-g9cj-cfpp-4g2x",
"modified": "2024-05-10T16:31:55Z",
"published": "2024-04-16T00:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1561"
},
{
"type": "WEB",
"url": "https://github.com/gradio-app/gradio/commit/24a583688046867ca8b8b02959c441818bdb34a2"
},
{
"type": "PACKAGE",
"url": "https://github.com/gradio-app/gradio"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/4acf584e-2fe8-490e-878d-2d9bf2698338"
},
{
"type": "WEB",
"url": "https://www.gradio.app/changelog#4-13-0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "gradio vulnerable to Path Traversal"
}
GHSA-H39J-R5QQ-R9MM
Vulnerability from github – Published: 2026-06-05 09:33 – Updated: 2026-06-05 09:33All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) when extracting a ZIP archive containing two entries with the same path - the first being a symlink to an arbitrary target and the second being a regular file - the file content is written through the symlink to the target location outside the output directory. This is due to the microtask processing order that checks readlink for the second file before resolving symlink for the first file. An attacker can write arbitrary file on the host filesystem potentially leading to remote code execution by providing a specially crafted ZIP archive.
Note:
This bypasses all existing path traversal protections including preventWritingThroughSymlink, added as a part of the fix for CVE-2020-12265.
{
"affected": [],
"aliases": [
"CVE-2026-10732"
],
"database_specific": {
"cwe_ids": [
"CWE-29"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-05T07:16:29Z",
"severity": "MODERATE"
},
"details": "All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) when extracting a ZIP archive containing two entries with the same path - the first being a symlink to an arbitrary target and the second being a regular file - the file content is written through the symlink to the target location outside the output directory. This is due to the microtask processing order that checks readlink for the second file before resolving symlink for the first file. An attacker can write arbitrary file on the host filesystem potentially leading to remote code execution by providing a specially crafted ZIP archive.\n\n**Note:**\n\nThis bypasses all existing path traversal protections including preventWritingThroughSymlink, added as a part of the fix for [CVE-2020-12265](https://security.snyk.io/vuln/SNYK-JS-DECOMPRESS-557358).",
"id": "GHSA-h39j-r5qq-r9mm",
"modified": "2026-06-05T09:33:46Z",
"published": "2026-06-05T09:33:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10732"
},
{
"type": "WEB",
"url": "https://github.com/kevva/decompress/pull/112"
},
{
"type": "WEB",
"url": "https://gist.github.com/Alemmi/409c3cc148c39522c6d6a8538b0e1f9e"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JS-DECOMPRESS-16415209"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-H74J-692G-48MQ
Vulnerability from github – Published: 2021-05-18 15:31 – Updated: 2024-02-13 16:32All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder. For instance, a zip may hold a file with a "../../file.exe" location and thus break out of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.
Specific Go Packages Affected
github.com/mholt/archiver/cmd/arc
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/mholt/archiver"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.3.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-10743"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-29"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-17T21:21:43Z",
"nvd_published_at": "2019-10-29T19:15:16Z",
"severity": "MODERATE"
},
"details": "All versions of archiver allow attacker to perform a Zip Slip attack via the \"unarchive\" functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder. For instance, a zip may hold a file with a \"../../file.exe\" location and thus break out of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.\n\n### Specific Go Packages Affected\ngithub.com/mholt/archiver/cmd/arc",
"id": "GHSA-h74j-692g-48mq",
"modified": "2024-02-13T16:32:29Z",
"published": "2021-05-18T15:31:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10743"
},
{
"type": "WEB",
"url": "https://github.com/mholt/archiver/pull/169"
},
{
"type": "WEB",
"url": "https://github.com/mholt/archiver/pull/203"
},
{
"type": "WEB",
"url": "https://github.com/mholt/archiver/commit/8217ed3a206c0473b4ec1aff51375b398838073a"
},
{
"type": "WEB",
"url": "https://github.com/snyk/zip-slip-vulnerability"
},
{
"type": "WEB",
"url": "https://snyk.io/research/zip-slip-vulnerability"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARC-174728"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Path Traversal in MHolt Archiver"
}
GHSA-HC5W-C9F8-9CC4
Vulnerability from github – Published: 2024-10-29 15:32 – Updated: 2024-11-01 15:24A path traversal vulnerability exists in the getFullPath method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The vulnerability is exploited through the setFileContent, getParsedFile, and mdelete methods, which do not properly sanitize user input.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "langchain"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.19"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-7774"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-29"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-29T19:40:07Z",
"nvd_published_at": "2024-10-29T13:15:09Z",
"severity": "MODERATE"
},
"details": "A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is exploited through the `setFileContent`, `getParsedFile`, and `mdelete` methods, which do not properly sanitize user input.",
"id": "GHSA-hc5w-c9f8-9cc4",
"modified": "2024-11-01T15:24:38Z",
"published": "2024-10-29T15:32:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7774"
},
{
"type": "WEB",
"url": "https://github.com/langchain-ai/langchainjs/commit/a0fad77d6b569e5872bd4a9d33be0c0785e538a9"
},
{
"type": "PACKAGE",
"url": "https://github.com/langchain-ai/langchainjs"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2024-111.yaml"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/8fe40685-b714-4191-af7a-3de5e5628cee"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Langchain Path Traversal vulnerability"
}
GHSA-HH8P-P8MP-GQHM
Vulnerability from github – Published: 2023-12-20 06:30 – Updated: 2024-01-02 15:14A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "mlflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.9.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-6975"
],
"database_specific": {
"cwe_ids": [
"CWE-29"
],
"github_reviewed": true,
"github_reviewed_at": "2023-12-20T20:32:39Z",
"nvd_published_at": "2023-12-20T06:15:45Z",
"severity": "CRITICAL"
},
"details": "A malicious user could use this issue to get command execution on the vulnerable machine and get access to data \u0026 models information.",
"id": "GHSA-hh8p-p8mp-gqhm",
"modified": "2024-01-02T15:14:39Z",
"published": "2023-12-20T06:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6975"
},
{
"type": "WEB",
"url": "https://github.com/mlflow/mlflow/commit/b9ab9ed77e1deda9697fe472fb1079fd428149ee"
},
{
"type": "PACKAGE",
"url": "https://github.com/mlflow/mlflow"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/029a3824-cee3-4cf1-b260-7138aa539b85"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "MLFlow Path Traversal Vulnerability"
}
GHSA-HQ88-WG7Q-GP4G
Vulnerability from github – Published: 2024-04-16 00:30 – Updated: 2025-04-08 21:59mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'is_local_uri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the misclassification of URIs as non-local. Attackers can exploit this by crafting malicious model versions with specially crafted 'source' parameters, enabling the reading of sensitive files within at least two directory levels from the server's root.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "mlflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.10.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-3573"
],
"database_specific": {
"cwe_ids": [
"CWE-29"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-16T18:20:36Z",
"nvd_published_at": "2024-04-16T00:15:12Z",
"severity": "CRITICAL"
},
"details": "mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the \u0027is_local_uri\u0027 function\u0027s failure to properly handle URIs with empty or \u0027file\u0027 schemes, leading to the misclassification of URIs as non-local. Attackers can exploit this by crafting malicious model versions with specially crafted \u0027source\u0027 parameters, enabling the reading of sensitive files within at least two directory levels from the server\u0027s root.",
"id": "GHSA-hq88-wg7q-gp4g",
"modified": "2025-04-08T21:59:38Z",
"published": "2024-04-16T00:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3573"
},
{
"type": "WEB",
"url": "https://github.com/mlflow/mlflow/commit/438a450714a3ca06285eeea34bdc6cf79d7f6cbc"
},
{
"type": "PACKAGE",
"url": "https://github.com/mlflow/mlflow"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2024-243.yaml"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/8ea058a7-4ef8-4baf-9198-bc0147fc543c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "mlflow vulnerable to Path Traversal"
}
GHSA-J46Q-5PXX-8VMW
Vulnerability from github – Published: 2024-06-06 21:30 – Updated: 2025-04-08 22:01A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system, including sensitive files like '/etc/passwd'. The vulnerability is a bypass to a previous patch that only addressed similar manipulation within the URI's query string, highlighting the need for comprehensive validation of all parts of a URI to prevent LFI attacks.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "mlflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.11.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-2928"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-29"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-06T22:37:38Z",
"nvd_published_at": "2024-06-06T19:15:55Z",
"severity": "HIGH"
},
"details": "A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application\u0027s failure to properly validate URI fragments for directory traversal sequences such as \u0027../\u0027. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system, including sensitive files like \u0027/etc/passwd\u0027. The vulnerability is a bypass to a previous patch that only addressed similar manipulation within the URI\u0027s query string, highlighting the need for comprehensive validation of all parts of a URI to prevent LFI attacks.",
"id": "GHSA-j46q-5pxx-8vmw",
"modified": "2025-04-08T22:01:09Z",
"published": "2024-06-06T21:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2928"
},
{
"type": "WEB",
"url": "https://github.com/mlflow/mlflow/commit/96f0b573a73d8eedd6735a2ce26e08859527be07"
},
{
"type": "PACKAGE",
"url": "https://github.com/mlflow/mlflow"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2024-242.yaml"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/19bf02d7-6393-4a95-b9d0-d6d4d2d8c298"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Local File Inclusion in mlflow"
}
Mitigation MIT-5.1
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
- Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation MIT-20
Strategy: Input Validation
Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
No CAPEC attack patterns related to this CWE.