CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| mlflow | pip | < 2.9.2 | 2.9.2 |
The vulnerability stems from the `validate_path_is_safe` function not URL-decoding the path before validating it, so a percent-encoded `..` sequence passes the check and is only decoded later, when the path is actually used. The patch adds `urllib.parse.unquote()` so the path is decoded first and the validator inspects the same value the file layer will see; the accompanying test cases demonstrate the bypass via encoded sequences. The CWE-29 ('..filename') mapping confirms this is an unencoded path traversal vulnerability addressed by proper URL decoding before validation.
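The following is an added illustration, not mlflow's own code: a hypothetical artifact-path check with the raw-string behaviour beside the decode-first fix, plus a resolver that shows where an encoded `..` would land if a later layer decodes and joins the path (that later decoding is an assumption of the example).

```python
import posixpath
from urllib.parse import unquote

# Hypothetical re-implementation written for this note. It is not mlflow's
# validate_path_is_safe and does not reproduce that function's exact logic.


class UnsafePathError(ValueError):
    """Raised when a requested artifact path could escape its base directory."""


def _has_traversal(path: str) -> bool:
    """True for an absolute path or any '..' segment in the given string."""
    return posixpath.isabs(path) or ".." in path.split("/")


def validate_path_is_safe(path: str, decode_first: bool) -> str:
    """Validate a client-supplied relative artifact path.

    decode_first=False models the pre-fix behaviour: the check runs on the
    raw string, so a percent-encoded '..' is never seen by the validator.
    decode_first=True models the fix: urllib.parse.unquote() runs before the
    check, so the validator sees the same value the file layer will use.
    """
    candidate = unquote(path) if decode_first else path
    if _has_traversal(candidate):
        raise UnsafePathError(f"rejected artifact path: {path!r}")
    return candidate


def is_accepted(path: str, decode_first: bool) -> bool:
    """Does the validator let this path through? (wrapper for audits/tests)"""
    try:
        validate_path_is_safe(path, decode_first)
    except UnsafePathError:
        return False
    return True


def effective_target(base_dir: str, path: str) -> str:
    """Where the request lands once a later layer decodes and normalises it.

    Assumption: the layer that opens the file applies unquote() and a plain
    path join, which is what turns an encoded '..' into real traversal.
    """
    return posixpath.normpath(posixpath.join(base_dir, unquote(path)))


def escapes_base(base_dir: str, path: str) -> bool:
    """True if the effective target lies outside base_dir."""
    base = posixpath.normpath(base_dir)
    target = effective_target(base_dir, path)
    return not (target == base or target.startswith(base + "/"))
```

Running `is_accepted(p, False)` and `is_accepted(p, True)` over the same inputs shows the raw check accepting the encoded form while the decode-first check rejects it, and `escapes_base` shows why that matters.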