CVE-2023-6709

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 12, 2023

Updated: Dec 13, 2023

CWE ID 1336

Summary

CVE-2023-6709 is a vulnerability affecting the mlflow repository on GitHub, specifically versions prior to 2.9.2. The issue involves an improper neutralization of special elements in a template engine, potentially allowing attackers to inject malicious code and execute arbitrary commands. This could lead to serious security consequences, such as unauthorized access to data or system takeover. Developers using the affected version of mlflow are advised to update to the latest release to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Lfprojects Mlflow

Affected Vendors

LF Projects, LLC

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tw7VIx
https://www.cve.org/CVERecord?id=CVE-2023-6709
https://nvd.nist.gov/vuln/detail/CVE-2023-6709

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners