Filtered by vendor
Subscriptions
Total
55 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-8859 | 1 Mlflow | 1 Mlflow | 2025-03-20 | N/A |
A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while parts such as query and parameters are not handled. The vulnerability is triggered if the user has configured the dbfs service, and during usage, the service is mounted to a local directory. | ||||
CVE-2024-7033 | 2025-03-20 | N/A | ||
In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the download_model endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on the server's filesystem. This can result in overwriting critical system or application files, causing denial of service, or potentially achieving remote code execution (RCE). RCE can allow an attacker to execute malicious code with the privileges of the user running the application, leading to a full system compromise. | ||||
CVE-2024-7957 | 1 Danswer-ai | 1 Danswer | 2025-03-20 | N/A |
An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer, affecting the latest version. The vulnerability arises from the load_credentials method, where user-controlled input for realm_name and zuliprc_content is used to construct file paths and write file contents. This allows attackers to overwrite or create arbitrary files if a zuliprc- directory already exists in the temporary directory. | ||||
CVE-2024-8982 | 2025-03-20 | N/A | ||
A Local File Inclusion (LFI) vulnerability in OpenLLM version 0.6.10 allows attackers to include files from the local server through the web application. This flaw could expose internal server files and potentially sensitive information such as configuration files, passwords, and other critical data. Unauthorized access to critical server files, such as configuration files, user credentials (/etc/passwd), and private keys, can lead to a complete compromise of the system's security. Attackers could leverage the exposed information to further penetrate the network, exfiltrate data, or escalate privileges within the environment. | ||||
CVE-2024-12389 | 1 Binary-husky | 1 Gpt Academic | 2025-03-20 | N/A |
A path traversal vulnerability exists in binary-husky/gpt_academic version git 310122f. The application supports the extraction of user-provided 7z files without proper validation. The Python py7zr package used for extraction does not guarantee that files will remain within the intended extraction directory. An attacker can exploit this vulnerability to perform arbitrary file writes, which can lead to remote code execution. | ||||
CVE-2024-8537 | 1 Modelscope | 1 Agentscope | 2025-03-20 | N/A |
A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files from the filesystem. This issue arises due to improper input validation, enabling the attacker to manipulate file paths and delete sensitive files outside of the intended directory. | ||||
CVE-2024-10648 | 2025-03-20 | N/A | ||
A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerability allows an attacker to control the format of the audio file, leading to arbitrary file content deletion. By manipulating the output format, an attacker can reset any file to an empty file, causing a denial of service (DOS) on the server. | ||||
CVE-2023-1034 | 1 Salesagility | 1 Suitecrm | 2025-03-11 | 8.8 High |
Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9. | ||||
CVE-2023-1177 | 1 Lfprojects | 1 Mlflow | 2025-02-19 | 9.3 Critical |
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. | ||||
CVE-2024-1561 | 1 Gradio Project | 1 Gradio | 2025-02-13 | N/A |
An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifically, by exploiting the `move_resource_to_block_cache()` method of the `Block` class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access, posing a significant risk especially when the application is exposed to the internet via `launch(share=True)`, thereby allowing remote attackers to read files on the host machine. Furthermore, gradio apps hosted on `huggingface.co` are also affected, potentially leading to the exposure of sensitive information such as API keys and credentials stored in environment variables. | ||||
CVE-2024-51534 | 1 Dell | 1 Data Domain Operating System | 2025-02-12 | 7.1 High |
Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial of service. | ||||
CVE-2024-21542 | 1 Spotify | 1 Luigi | 2025-02-11 | 8.6 High |
Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function. | ||||
CVE-2024-3573 | 1 Lfprojects | 1 Mlflow | 2025-02-03 | 9.3 Critical |
mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'is_local_uri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the misclassification of URIs as non-local. Attackers can exploit this by crafting malicious model versions with specially crafted 'source' parameters, enabling the reading of sensitive files within at least two directory levels from the server's root. | ||||
CVE-2024-3848 | 1 Lfprojects | 1 Mlflow | 2025-01-24 | 7.5 High |
A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the fragment, effectively skipping validation. This allows an attacker to construct a URL that, when processed, ignores the protocol scheme and uses the provided path for filesystem access. As a result, an attacker can read arbitrary files, including sensitive information such as SSH and cloud keys, by exploiting the way the application converts the URL into a filesystem path. The issue stems from insufficient validation of the fragment portion of the URL, leading to arbitrary file read through path traversal. | ||||
CVE-2023-2780 | 1 Lfprojects | 1 Mlflow | 2025-01-22 | 9.8 Critical |
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. | ||||
CVE-2023-0104 | 1 Weintek | 1 Easybuilder Pro | 2025-01-17 | 9.3 Critical |
The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access to sensitive data. | ||||
CVE-2023-2984 | 2 Microsoft, Pimcore | 2 Windows, Pimcore | 2025-01-13 | 8.8 High |
Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22. | ||||
CVE-2023-6021 | 1 Ray Project | 1 Ray | 2024-11-27 | 7.5 High |
LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023 | ||||
CVE-2024-6396 | 2024-11-21 | N/A | ||
A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution. | ||||
CVE-2024-6139 | 1 Parisneo | 1 Lollms | 2024-11-21 | N/A |
A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in the `tts_to_file` endpoint. |