{"data":{"id":"ba3ac010-5c74-4c0c-9f57-d001ad360b7a","title":"CVE-2023-1177: Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.\n\n","summary":"CVE-2023-1177 is a path traversal vulnerability (a flaw where an attacker can access files outside the intended directory by using special characters like '..') in MLflow versions before 2.2.1. This weakness allows attackers to potentially read or access files they shouldn't be able to reach on the system.","solution":"Update MLflow to version 2.2.1 or later. A patch is available at https://github.com/mlflow/mlflow/pull/7891/commits/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2023-1177","publishedAt":"2023-03-24T19:15:10.193Z","cveId":"CVE-2023-1177","cweIds":["CWE-29","CWE-22"],"cvssScore":"9.3","cvssSeverity":"critical","severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["MLflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.93326,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}