CVE-2023-6909: MLflow Path Traversal Vulnerability
CVSS Score: 7.5 (CVSS v3.1)

Basic Information

CVE ID: CVE-2023-6909
GHSA ID:
EPSS Score: 0.99344%
CWE: CWE-29
Published: 12/20/2023
Updated: 9/24/2024
KEV Status: No
Technology: Python
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| mlflow | pip | < 2.9.2 | 2.9.2 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The key vulnerability stems from the validate_path_is_safe function not decoding URL-encoded characters before validating path safety. The GitHub patch shows the addition of 'urllib.parse.unquote(path)' to decode the path first, and test cases were added to check encoded traversal patterns. The CWE-29 classification and commit message ('Prevent path traversal with encoded URL') directly implicate this function as the vulnerable component that allowed bypassing of path validation through encoding.
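The check-before-decode mistake described above, as an added illustration that is not MLflow's own code: `is_safe_before` inspects the raw string and misses percent-encoded `..`, while `is_safe_after` decodes first and then inspects the result. Both function names are hypothetical, and the hardened version decodes repeatedly to cover double encoding, which goes beyond the single unquote the analysis mentions.

```python
import posixpath
import urllib.parse

# Constructed sample inputs: the plain and percent-encoded forms of a
# parent-directory traversal, a double-encoded form, and a benign artifact path.
SAMPLES = {
    "plain": "../../secret.txt",
    "encoded": "%2e%2e/%2e%2e/secret.txt",
    "double_encoded": "%252e%252e/secret.txt",
    "benign": "runs/1/artifacts/model.pkl",
}


def is_safe_before(path: str) -> bool:
    """Hypothetical pre-fix style check: inspects the raw string only.
    It rejects a literal '..' component and absolute paths but never
    decodes, so '%2e%2e' passes and is only decoded later, by the
    layer that actually opens the file."""
    return ".." not in path.split("/") and not path.startswith("/")


def fully_unquote(path: str, limit: int = 5) -> str:
    """Decode percent-encoding until the string stops changing (bounded),
    so double-encoded sequences are normalised as well. This is an
    addition beyond the single unquote the page describes."""
    for _ in range(limit):
        decoded = urllib.parse.unquote(path)
        if decoded == path:
            return decoded
        path = decoded
    return path


def is_safe_after(path: str) -> bool:
    """Hardened check: decode first, treat backslashes as separators,
    normalise, and only then test for '..' components or an absolute path."""
    decoded = fully_unquote(path).replace("\\", "/")
    if decoded.startswith("/"):
        return False
    normalized = posixpath.normpath(decoded)
    return ".." not in normalized.split("/") and not normalized.startswith("/")
```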