{"data":{"id":"494cc40c-a6f3-4afd-b270-c08f212d2f23","title":"CVE-2023-4033: OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.","summary":"CVE-2023-4033 is an OS command injection vulnerability (a flaw that lets an attacker run arbitrary system commands) in MLflow, an open-source machine learning platform, affecting versions before 2.6.0. The vulnerability allows attackers to execute unauthorized commands on affected systems.","solution":"Update MLflow to version 2.6.0 or later. A patch is available at the GitHub commit: https://github.com/mlflow/mlflow/commit/6dde93758d42455cb90ef324407919ed67668b9b","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2023-4033","publishedAt":"2023-08-01T05:15:10.913Z","cveId":"CVE-2023-4033","cweIds":["CWE-78"],"cvssScore":"7.8","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["MLflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00255,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}