-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability is a classic path traversal weakness in the file upload functionality of the ml-logger server. The root cause is the lack of input sanitization for the filename received in a file upload request.
The exploitation flow begins in the LoggingServer.log_handler function. This function receives an HTTP POST request with a file upload. It extracts the filename directly from the Content-Disposition header of the multipart request. This filename is controlled by the attacker.
The untrusted filename is then passed as the key argument to the LoggingServer.log function. The log function, in turn, passes this key to LoggingServer.abs_path to resolve the full destination path for the file.
The abs_path function uses os.path.join to prepend the server's working directory to the filename. os.path.join does not sanitize path traversal sequences (../). Therefore, an attacker can provide a filename like ../../../../etc/passwd to cause the abs_path function to generate a path outside of the intended logging directory.
Finally, the log function uses the generated malicious path to open and write the uploaded file content. This allows an unauthenticated remote attacker to write or overwrite arbitrary files on the server with the privileges of the running process, leading to potential remote code execution or other severe impacts.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| ml-logger | pip | <= 0.10.36 |
PythonPythonOngoing coverage of React2Shell