{"data":{"id":"c39bc197-4a59-4f65-a516-12e5d13aed32","title":"CVE-2023-2780: Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.","summary":"MLflow (a tool for managing machine learning experiments) versions before 2.3.1 contain a path traversal vulnerability (CWE-29, a weakness where a pathname built from external input is not properly neutralized against backslash-style parent-directory sequences such as '\\..\\filename', so it can resolve to a location outside the intended directory). This vulnerability could allow an attacker to read or manipulate files they shouldn't have access to.","solution":"Update MLflow to version 2.3.1 or later. A patch is available at https://github.com/mlflow/mlflow/commit/fae77a525dd908c56d6204a4cef1c1c75b4e9857.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2023-2780","publishedAt":"2023-05-18T01:15:09.470Z","cveId":"CVE-2023-2780","cweIds":["CWE-29"],"cvssScore":"9.8","cvssSeverity":"critical","severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["MLflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.87766,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}