How severe is CVE-2024-0520?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 10 out of 10.

What type of vulnerability is CVE-2024-0520?

This is classified as CWE-23, which is a common weakness in software security.

CVE-2024-0520 - CRITICAL Severity | CVSS 10

Vulnerability Description

A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. Specifically, when loading a dataset from a source URL with an HTTP scheme, the filename extracted from the `Content-Disposition` header or the URL path is used to generate the final file path without proper sanitization. This flaw enables an attacker to control the file path fully by utilizing path traversal or absolute path techniques, such as '../../tmp/poc.txt' or '/tmp/poc.txt', leading to arbitrary file write. Exploiting this vulnerability could allow a malicious user to execute commands on the vulnerable machine, potentially gaining access to data and model information. The issue is fixed in version 2.9.0.

Related Vulnerabilities

CVE-2023-2356

CRITICAL

CVSS:10.0(Critical)

Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.

CWE-232023

CVE-2023-3941

CRITICAL

CVSS:10.0(Critical)

Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X...

CWE-232023

CVE-2024-24578

CRITICAL

CVSS:10.0(Critical)

RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains a unauthenticated remote code execution (RCE...

CWE-232024

CVE-2023-40714

CRITICAL

CVSS:9.9(Critical)

A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements

CWE-232023

CVE-2024-3025

CRITICAL

CVSS:9.9(Critical)

mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by...

CWE-232024

CVE-2017-9664

CRITICAL

CVSS:9.8(Critical)

In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy ...

CWE-232017