{"data":{"id":"5e1eb6e5-cdf1-435a-92bd-79cc67e2e19f","title":"CVE-2023-1176: Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.","summary":"CVE-2023-1176 is an absolute path traversal vulnerability (a bug where an attacker can access files anywhere on a system by using file paths that start from the root directory) found in MLflow, an open-source platform for managing machine learning experiments, affecting versions before 2.2.2. The vulnerability was discovered and reported through the huntr.dev bug bounty program.","solution":"Fixed in version 2.2.2. A patch is available at https://github.com/mlflow/mlflow/commit/63ef72aa4334a6473ce7f889573c92fcae0b3c0d.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2023-1176","publishedAt":"2023-03-24T19:15:10.110Z","cveId":"CVE-2023-1176","cweIds":["CWE-36"],"cvssScore":"3.3","cvssSeverity":"low","severity":"low","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["MLflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00084,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.82,"researchCategory":null,"atlasIds":null}}