CVE-2023-30172

A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter.

Date published : 2023-05-10

https://github.com/mlflow/mlflow/issues/7166

https://github.com/mlflow/mlflow/issues/7166#issuecomment-1541543234