{"data":{"id":"8c35ad84-87cf-46fe-b5a4-bd7e4baa787f","title":"CVE-2023-2356: Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.","summary":"CVE-2023-2356 is a relative path traversal vulnerability (a flaw that lets attackers access files outside their intended directory by manipulating file paths) found in MLflow versions before 2.3.1. This weakness could allow attackers to read or access files they shouldn't be able to reach on systems running the affected software.","solution":"Update MLflow to version 2.3.1 or later. A patch is available at https://github.com/mlflow/mlflow/commit/f73147496e05c09a8b83d95fb4f1bf86696c6342.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2023-2356","publishedAt":"2023-04-28T04:15:08.890Z","cveId":"CVE-2023-2356","cweIds":["CWE-23"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["MLflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.90492,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}