{"data":{"id":"ed643876-e795-445c-88b4-dac99f36780a","title":"CVE-2023-6831: Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.","summary":"CVE-2023-6831 is a path traversal vulnerability (a flaw where an attacker can access files outside the intended directory by using special characters like '..\\'). in MLflow versions before 2.9.2 that allows attackers to manipulate file paths and access restricted files they shouldn't be able to reach.","solution":"Update MLflow to version 2.9.2 or later. A patch is available at https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2023-6831","publishedAt":"2023-12-15T06:15:08.140Z","cveId":"CVE-2023-6831","cweIds":["CWE-29","CWE-22"],"cvssScore":"8.1","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["MLflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.77746,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}