8.8

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-6753

CVE-2023-6753: Path traversal in MLflow

Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-6753

CVE-2023-6753:

8.8

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
mlflow	pip	< 2.9.2	2.9.2

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper path sanitization in the dataset loading functionality. The key indicators are:

The patch replaces posixpath (Unix-specific path handling) with os.path.basename (platform-aware)
Added validation in _extract_filename() to reject path-like filenames
New Windows-specific tests verify protection against traversal patterns
The CWE-22 classification confirms this is a path limitation issue
The commit message explicitly references fixing Windows traversal attacks

The load() method was vulnerable because it used posixpath to handle filenames, which doesn't properly process Windows path separators, allowing attackers to escape directory restrictions through specially crafted filenames in Content-Disposition headers or URL paths.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

8.8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-6753: Path traversal in MLflow

CVE-2023-6753:

8.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Vulnerability Intelligence
Miggo AI

Detect and Respond To Threats Faster.

CVE-2023-6753: Path traversal in MLflow

Technical Details

8.8

8.8

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

8.8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-6753: Path traversal in MLflow

CVE-2023-6753:

8.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Vulnerability IntelligenceMiggo AI

CVE-2023-6753: Path traversal in MLflow

Technical Details

8.8

8.8

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI