CVE-2023-1177: Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.
Summary
CVE-2023-1177 is a path traversal vulnerability (a flaw where an attacker can access files outside the intended directory by using special characters like '..') in MLflow versions before 2.2.1. This weakness allows attackers to potentially read or access files they shouldn't be able to reach on the system.
Solution / Mitigation
Update MLflow to version 2.2.1 or later. A patch is available at https://github.com/mlflow/mlflow/pull/7891/commits/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e
Vulnerability Details
9.3(critical)
EPSS: 93.3%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2023-1177
First tracked: February 15, 2026 at 08:46 PM
Classified by LLM (prompt v3) · confidence: 85%