Add CVE-2023-6977 Vulnerable Environment
frkngksl committed May 29, 2024
1 parent e0000ba commit e350d75
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions mlflow/CVE-2023-6977/README.md
@@ -0,0 +1,11 @@
# MLflow CVE-2023-6977

This directory contains the deployment config for MLflow instances vulnerable and fixed to CVE-2023-6977. MLflow versions below 2.9.2 are vulnerable to that arbitrary file read vulnerability.

The deployed service listens on port `5000` after the docker completes its job.

## Vulnerable version
docker run -p 127.0.0.1:5000:5000 ghcr.io/mlflow/mlflow:v2.10.0 mlflow server --host 0.0.0.0 --port 5000

## Fixed version
docker run -p 127.0.0.1:5000:5000 ghcr.io/mlflow/mlflow:v2.2.0 mlflow server --host 0.0.0.0 --port 5000
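
Review bot: The image tags under "## Vulnerable version" and "## Fixed version" contradict the boundary stated in the intro paragraph. The README says MLflow versions below 2.9.2 are vulnerable, yet the vulnerable command pulls `ghcr.io/mlflow/mlflow:v2.10.0`, which is above that boundary, and the fixed command pulls `v2.2.0`, which is below it. As written, the two environments look swapped relative to the text. Please pin the vulnerable environment to a tag below 2.9.2 and the fixed one to 2.9.2 or later, or correct the stated boundary if that is the part that is wrong. Two smaller points: the `docker run` lines sit as bare text under their headings and should be wrapped in code fences so they render as commands, and "vulnerable and fixed to CVE-2023-6977" would read better as "vulnerable to, and fixed against, CVE-2023-6977".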
