PyPI: mlflow

CVE-2023-2356

Safety vulnerability ID: SFTY-20230428-38887

Safety legacy ID: pyup.io-60592

Mlflow 2.3.1 includes a fix for a Relative Path Traversal vulnerability. By creating a model version through the REST API endpoint api/2.0/mlflow/registered-models/create and specifying a relative path redirection to the source argument, local server files can be accessed on the tracking server when a subsequent REST API v1.1 call is made tomodel-versions/get-artifact` and providing any path on the local file system. https://github.com/advisories/GHSA-x422-6qhv-p29g

PythonPyPINVDNVDGitHubGHSA
Created at: Nov 6, 2025Updated at: Nov 6, 2025

Overview

Relative path traversal in mlflow

Advisory

Mlflow 2.3.1 includes a fix for a Relative Path Traversal vulnerability. By creating a model version through the REST API endpoint api/2.0/mlflow/registered-models/create and specifying a relative path redirection to the source argument, local server files can be accessed on the tracking server when a subsequent REST API v1.1 call is made tomodel-versions/get-artifact` and providing any path on the local file system. https://github.com/advisories/GHSA-x422-6qhv-p29g

Affected Package

Affecting mlflow package, versions
<2.3.1

Also affects

---

How to Fix

Upgrade
mlflow
to
2.3.1
or higher.

Mitigation and Workarounds

---

Vulnerable Functions

Functions linked to known vulnerabilities.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.

References

Safety

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.

Learn more